JSON batch format
I'm trying to post some batches of data to an HTTP source. If I send a single JSON line, everything works fine in Sumologic. If I send more than one line at a time, they all get joined into a single log entry. I tried sending them line feed separated, as a JSON array, etc. Nothing seems to do the right thing. Any ideas? Here's an example: (note the forum is line chopping those, but the only line feeds are after the end '}' of each record)
{"_Thread":"default-akka.actor.default-dispatcher-2","Pid":0,"EnvVersion":"1.1","_LoggerName":"TestApp$","Hostname":"i
p-172-27-233-31.us-west-2.compute.internal","Logger":"GelfInput","Type":"gelf","_StackTrace":"Exception: java.lang.Run
timeException: asdf\nCaused by: java.lang.RuntimeException: cause\n\tat TestApp$$anonfun$1.apply$mcV$sp(TestApp.scala:
13)\n\tat akka.actor.Scheduler$$anon$2.run(Scheduler.scala:76)\n\tat akka.actor.LightArrayRevolverScheduler$$anon$2$$a
non$1.run(LightArrayRevolverScheduler.scala:97)\n\tat akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39)\n\
tat akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:405)\n\tat scala.concurr
ent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)\n\tat scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask
(ForkJoinPool.java:1339)\n\tat scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)\n\tat scala.co
ncurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)\n","Severity":4,"short_message":"with except
ion","_Time":"2016-07-01 15:48:11,0036","full_message":"with exception","_Severity":"WARN","Timestamp":1.467384491036e
+18,"_version":1.1,"facility":"logstash-gelf"}
{"_Time":"2016-07-01 15:48:13,0038","Type":"gelf","Pid":0,"full_message":"whatever","Severity":6,"Logger":"GelfInput",
"short_message":"whatever","_Thread":"default-akka.actor.default-dispatcher-2","EnvVersion":"1.1","facility":"logstash
-gelf","_LoggerName":"TestApp$","Hostname":"ip-172-27-233-31.us-west-2.compute.internal","_Severity":"INFO","Timestamp
":1.467384493038e+18,"_version":1.1}
{"_Thread":"default-akka.actor.default-dispatcher-2","Pid":0,"EnvVersion":"1.1","_LoggerName":"TestApp$","Hostname":"i
p-172-27-233-31.us-west-2.compute.internal","Logger":"GelfInput","Type":"gelf","_StackTrace":"Exception: java.lang.Run
timeException: asdf\nCaused by: java.lang.RuntimeException: cause\n\tat TestApp$$anonfun$1.apply$mcV$sp(TestApp.scala:
13)\n\tat akka.actor.Scheduler$$anon$2.run(Scheduler.scala:76)\n\tat akka.actor.LightArrayRevolverScheduler$$anon$2$$a
non$1.run(LightArrayRevolverScheduler.scala:97)\n\tat akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39)\n\
tat akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:405)\n\tat scala.concurr
ent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)\n\tat scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask
(ForkJoinPool.java:1339)\n\tat scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)\n\tat scala.co
ncurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)\n","Severity":4,"short_message":"with except
ion","_Time":"2016-07-01 15:48:13,0038","full_message":"with exception","_Severity":"WARN","Timestamp":1.467384493038e
+18,"_version":1.1,"facility":"logstash-gelf"} -
Hi, You can try enabling multiline processing with Infer Boundaries or Boundary Regex option. More info here: https://help.sumologic.com/Send_Data/Sources/HTTP_Source
Please sign in to leave a comment.
Comments
1 comment