I want to use logstash to parse gelf logs over tcp with the config from below. My stream of messages is null byte delimited and never contains \n. Unfortunately logstash doesn't accept \0 as delimiter even after setting config.support_escapes: true in the settings. That option is only for the more common \n, \r, \t and so forth.
Does anyone know an approach that would work to generate logstash events from those gelf messages?
logstash -e 'input { tcp { port => 7777
codec => json_lines
{ delimiter => "\0" }
} }
output { stdout{ } }'
The messages are generated by the docker gelf log driver and look like this:
{"version":"1.1","host":"herm-VirtualBox","short_message":"{ counter: 1 } ","timestamp":1515490442.825,"level":6,"_command":"bin/sh -c COUNTER=1;while true; do printf \"{ counter: $COUNTER } \\n\"; COUNTER=$((COUNTER+1)); sleep 1; done","_container_id":"4aa5b8bd52381b005ad9c5d07db8bd71358a16510f16ef9e0f1887b25ac3040b","_container_name":"inspiring_booth","_created":"2018-01-09T09:34:02.506691976Z","_image_id":"sha256:00fd29ccc6f167fa991580690a00e844664cb2381c74cd14d539e36ca014f043","_image_name":"ubuntu","_tag":"4aa5b8bd5238"}
They always start with {"version":
