Logstash parsing error

Nuno_Santos · December 1, 2020, 3:54pm

Can someone help me with this error?

Andreas_Herz · December 27, 2020, 9:00pm

Can you share more details about your setup and configuration?
Might be an issue parsing the json output

Jeff_Lucovsky · December 27, 2020, 9:26pm

This seems like an issue parsing an HTTP log containing a content_range element. Suricata 5.0.x and newer will add a content_range object with the following elements (when such a range has been detected):

raw
start
end
size

raw is the content range parsed, e.g., "raw":"bytes 0-384/385"
The other members are determined from that so in this case you’d have:
"start":0, "end":38,"size":385

Here’s the JSON object as it would be represented in the HTTP event:
"content_range":{"raw":"bytes 0-384/385","start":0,"end":384,"size":385}

Topic		Replies	Views
Suricata 7.0.1-dev and a giant json data logging spike Developers	4	227	August 11, 2023
Integrate Suricata with ELK Help	2	422	August 24, 2022
Suricata the output of eve.log does not include data on http connections Help	11	1909	November 27, 2021
Suricata no longer write into Eve files Help	2	1836	May 7, 2021
Suricata http event and alert event output seem not correct! Help suricata	8	452	September 18, 2023

Logstash parsing error

Related Topics