I use JDBC to grab sql data and put into elastic search. I can the data in kibana but I cannot filter on a date field, clsddate.
input:
input {
jdbc {
jdbc_driver_library => "/etc/logstash/drivers/mssql-jdbc-6.2.2.jre8.jar"
jdbc_driver_class => "com.microsoft.sqlserver.jdbc.SQLServerDriver"
jdbc_connection_string => "jdbc:sqlserver://brt1-trackit01\brt1trackit01;databaseName=TRACKIT8_DATA2"
jdbc_user => "reports"
jdbc_password => "letmeinNOW!"
schedule => "0 * * * *"
statement => "SELECT * FROM tasks WHERE MODIDATE >= :sql_last_value"
}
}
NO FILTER
Output:
output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
user => elastic
password => letmein
index => "tasks-%{+YYYY.MM.dd}"
}
}
in Kibana, when I query clsddate: -, I get:
Discover: [parsing_exception] [match_phrase] unknown token [VALUE_NULL] after [query], with { line=1 & col=667 }
Error: [parsing_exception] [match_phrase] unknown token [VALUE_NULL] after [query], with { line=1 & col=667 }
at respond (http://brt1-elk02/bundles/vendors.bundle.js?v=16627:143:161556)
at checkRespForFailure (http://brt1-elk02/bundles/vendors.bundle.js?v=16627:143:160796)
at http://brt1-elk02/bundles/vendors.bundle.js?v=16627:137:20984
at processQueue (http://brt1-elk02/bundles/vendors.bundle.js?v=16627:116:132456)
at http://brt1-elk02/bundles/vendors.bundle.js?v=16627:116:133349
at Scope.$digest (http://brt1-elk02/bundles/vendors.bundle.js?v=16627:116:144239)
at Scope.$apply (http://brt1-elk02/bundles/vendors.bundle.js?v=16627:116:147018)
at done (http://brt1-elk02/bundles/vendors.bundle.js?v=16627:116:100026)
at completeRequest (http://brt1-elk02/bundles/vendors.bundle.js?v=16627:116:104697)
at XMLHttpRequest.xhr.onload (http://brt1-elk02/bundles/vendors.bundle.js?v=16627:116:105435)
When I view a record in kibana, if clsddate is not populated, there is a '-' in the field.
What do I need to do to be able to query on this date field?
Thanks!
-Mike M