Importing SQL flat files are not displaying properly

Chase · January 23, 2023, 3:16pm

We have having with SQL logs being displayed properly in graylog. Whenever we get logs from SQL server, it shows as like:

B a c k u p V i r t u a l D e v i c e F i l e : : T a k e S n a p s h o t

All text coming from our SQL server looks like this, with the space in between each letter. However, when I copy the text out to say work or notepad++, it copies just fine without the spacing.

BackupVirtualDeviceFile::TakeSnapshot

We are using graylog 5 with sidecar 1.3.0. We are also using filebeats to pull the file. The sql file is ERRORLOG that we are pulling from. Have no other problems pulling from any other flat files.

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
   hosts: ["x.x.x.x:yyyy"]
path:
  data: ${sidecar.spoolDir!"C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat"}\data
  logs: ${sidecar.spoolDir!"C:\\Program Files\\Graylog\\sidecar"}\logs
tags:
 - windows
filebeat.inputs:
- type: log
  enabled: true
    - path to ERRORLOG

gsmith · January 24, 2023, 2:52am

Hey @Chase
Not sure what going on , but have you tried to enable mysql module see something here about it .

By chance what type of file extension are SQL logs?

Chase · January 24, 2023, 1:56pm

Does this apply to MSSQL as well?

Thanks,

Chase

tmacgbay · January 24, 2023, 2:05pm

A couple of thoughts:

You could try the new type of filestream rather than log
you seem to be missing paths:…

...
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - <Path to ERRORLOG>
...

Your data and logs seem odd… in that I haven’t seen it done before with a variable and the path…

  data: ${sidecar.spoolDir!"C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat"}\data
  logs: ${sidecar.spoolDir!"C:\\Program Files\\Graylog\\sidecar"}\logs

Side note - I cleaned up your code using the </> forum tool so the look like code and have readable indentation…

Chase · January 25, 2023, 3:08pm

I’ve tried filestream, and it is the same.

Thanks.

Chase

tmacgbay · January 25, 2023, 4:17pm

There are other parts to my post…?

system · February 8, 2023, 4:17pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Spaces between every letter from .log files on Windows Graylog Central (peer support) sidecar , filebeat-windows	3	797	March 20, 2020
Windows evtx files and utf encoding Graylog Central (peer support) sidecar , filebeat-windows	3	1612	March 24, 2020
FileBeat and Sidecar: who trim the message? Graylog Central (peer support) sidecar	9	1891	October 25, 2017
Added space in Logs from Filebeat Graylog Central (peer support) sidecar , filebeat-windows	2	485	February 4, 2020
Gray Log / Monitoring SQL Server Graylog Central (peer support) sidecar , nxlog , filebeat-linux , filebeat-windows , winlogbeat , nodatanx	4	5208	November 18, 2021

Importing SQL flat files are not displaying properly

Related topics