Hi,
Every now and then a few documents (less than 1% of total logs) get placed into a daily index where the 20 in 2018 is replaced by 00.
For example,
logstash-6.4.3-0018.12.08
Has anyone encountered this? Seems like a bug somewhere, since all other docs get placed fine.
Best, Justin
I'm guessing that you are including a sprintf statement that relies on the value of @timestamp in your declaration of which index to insert docs into (e.g., index => "logstash-6.4.3-%{+yyyy.MM.dd}").
@timestamp indicate?@timestamp (likely a date filter)?Oh nice, good call. There's a date filter on nginx logs, and for these lines the date string is something like 18-12-08T01:34:06+00:00.
Thanks @yaauie!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.