Solved: Why are we receiving error from _internal index f...

Santosh2 · ‎08-30-2022

We are receiving error from _internal index for Json logs:

1. error: ERROR JsonLineBreaker - JSON StreamId:1254678906 had parsing error:Unexpected character: "s"

2. error: ERROR JsonLineBreaker - JSON StreamId:1254678906 had parsing error:Unexpected character: "a"

sample logs:

{ [-]

level: debug

message: Creating a new instance of inquiry call

timestamp: 2022-08-25T20:30:45.678Z

}

my props.conf:
TIME_PREFIX=timestamp" : "

TIME_FORMAT= %Y-%m-%dT%H:%M:%S.%3N

MAX_TIMESTAMP_LOOKAHEAD=40

TZ=UTC

how to resolve this issue.

richgalloway · ‎08-31-2022

I'm not sure about the exact cause of those messages, but it could be because the sample log is not valid JSON.

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎08-31-2022

I'm not sure about the exact cause of those messages, but it could be because the sample log is not valid JSON.

---
If this reply helps you, Karma would be appreciated.

Santosh2 · ‎09-01-2022

but how can i identify that

richgalloway · ‎09-01-2022

Among other things, proper JSON uses quotation marks around strings.

---
If this reply helps you, Karma would be appreciated.

Santosh2 · ‎09-01-2022

Why are we receiving error from _internal index for Json logs?