I’ve got a customer with what looks like a character encoding issue in either #elasticsearch or #fluentd.
Here’s the message:
2021-06-08 17:05:50 +0800 [warn]: #0 dump an error event: error_class=Fluent::Plugin::ElasticsearchErrorHandler::ElasticsearchError error="400 - Rejected by Elasticsearch [error type]: mapper_parsing_exception [reason]: 'failed to parse field [message] of type [text] in document with id 'fPHe6nkBSuYtlT3W3H56'. Preview of field's value: '''" location=nil tag="app.was-aiahk-intranet-prod-aiab-app1-SystemOut" time=2021-06-08 17:05:14.438022000 +0800 record=
{"message"=>"[6/8/21 14:37:39:438 CST] 000000f6 SystemOut O {call bunch of nulls and some sensitive data,'CANTONESE')}
I can’t tell at what point it’s being recognized as Cantonese; maybe that’s a metadata field. They sent what they claim is their fluentd config, but it doesn’t mention character encoding anywhere (sketch of where I’d expect that below). I’m still waiting on their #log4j config.
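If they’re tailing SystemOut.log with in_tail, the encoding handling would normally sit right on the source, via from_encoding/encoding. Roughly what I’d expect to see (the path, pos_file, and from_encoding value here are my placeholders, not from their actual config):

<source>
  @type tail
  path /var/log/websphere/SystemOut.log      # placeholder path
  pos_file /var/log/td-agent/systemout.pos   # placeholder
  tag app.was-aiahk-intranet-prod-aiab-app1-SystemOut
  # in_tail reads files as ASCII-8BIT unless told otherwise; these two
  # convert the bytes to UTF-8 before the record reaches the
  # Elasticsearch output
  from_encoding Big5    # assumption: actual source encoding unknown
  encoding utf-8
  <parse>
    @type none
  </parse>
</source>

If their config has nothing like this, the raw bytes (nulls included) would be forwarded to Elasticsearch as-is, which could line up with that mapper_parsing_exception on the message field.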
Any thoughts? Thanks!