Symfony & ELK : which encoding should I use with gelf?

Question

I'm trying to monitor a symfony app with the ELK stack.

I'm shipping my logs to logstash with the following configuration :

monolog:
    handlers:
        main:
            type: gelf
            publisher:
                hostname: elk-host
                port: 10514
            formatter: monolog.formatter.gelf_message
            level: INFO

On kibana, I see that I reiceive the logs but the message is encoded in a strange way; here is an example of what kibana displays :

x\x9CMP\xC1n\x830\f\xFD\u0015+\xA7V\xAAB\xA1\f(\xD7j;Nڴ\xDD\"Ui0`)\u0004D\(\x9A\xF6\xEF\v\x9B\xD6\xEDf\xBFg\xFB\xF9\xBD\u000F1\xE1\xE8\xA9w\xA2\u0014\xB1܋\x9Dh{ϡ\u0019\xFA\x915Y\xCF^\xDA\xDEh\e\u0018\xDF\u0006\xECܡ\xF7\xBA\xC10\xF2\x8A5\x8E\xE8\f\xB9\u0006\xB8EP\xC2\xF4#*\u0001xct\xEBQ\xB8,@\xEC\xC1\xE9\u000EaSaM\u000E\xAB\u0015l\x90\x9F\u0003\xB6\xD9n\x81

Here is my monolog configuration file :

input {
    gelf {
        codec => "json"
    }
    syslog {
       port => 10514
       type => "syslog"
    }
}

filter {
}

output {
    elasticsearch {}
}

I tried to add an encoding option (charset => "UTF-8") but it was not better.

Also why are my logs displayed as "syslog" type instead of "gelf" that I specified in monolog config ?

Answer 1

Your sending GELF (JSON) output to a SYSLOG listener, you need to change to send it to the GELF port rather than the SYSLOG port