Could not index in elasticsearch

[2018-08-23T11:11:52,626][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400,
:action=>["index", {:_id=>nil, :_index=>"logstash-syslog-2018.08.23", :_type=>"doc", :_routing=>nil}, #<LogStash::Eve
nt:0x1962bb79>], :response=>{"index"=>{"_index"=>"logstash-syslog-2018.08.23", "_type"=>"doc", "_id"=>"AWVlTZzMW7Xm-Y
2dW4o5", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [timestamp]", "caused_b
y"=>{"type"=>"illegal_argument_exception", "reason"=>"Invalid format: "Aug 23 11:09:52""}}}}}

Getting this error repeatedly. Multiple grok patterns have been added hence unable to find out which one is causing the issue. Requesting help

Your timestamp field has been mapped as a date field with a certain format and now you're sending documents with an incompatible format of that field.

You should probably be using (different) date filters to parse the timestamp field into @timestamp and then delete the original timestamp field.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.