Hi,
I am trying to fetch data from few csv file
input {
file {
path => "/root/API*"
start_position => "beginning"
sincedb_path => "/dev/null"
type => "API"
}
}
filter {
csv {
separator => ","
columns => ["TIMESTAMP_DERIVED","USER_ID_DERIVED","CLIENT_IP","URI_ID_DERIVED"]
}
}
output
{
elasticsearch {
hosts => ["xxx:443"] //443 because of managed ES
index => "apisalesforceapi-%{+YYYY.MM}"
user => "xxx"
password => "xxx"
ilm_enabled => false //Managed ES
}
stdout { codec => rubydebug }
}
Here : "TIMESTAMP_DERIVED" -> is the field which is causing the issue.
Logstash is able to read the csv file and index gets created in Managed ES as well, however i end up getting the below WARN everytime
[2020-11-10T14:04:12,995][WARN ][logstash.outputs.elasticsearch][python][f1948bfb7238388c36f40fa69ae4943193b1e7dcc21fa07b7f74a47b7a0c1474] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"apisalesforceapi-2020.11", :routing=>nil, :_type=>"_doc"}, #<LogStash::Event:0x6469834f>], :response=>{"index"=>{"_index"=>"apisalesforceapi-2020.11", "_type"=>"_doc", "_id"=>"44N4snUBvPvlSgV_p801", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [TIMESTAMP_DERIVED] of type [date] in document with id '44N4snUBvPvlSgV_p801'. Preview of field's value: 'TIMESTAMP_DERIVED'", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"failed to parse date field [TIMESTAMP_DERIVED] with format [strict_date_optional_time||epoch_millis]", "caused_by"=>{"type"=>"date_time_parse_exception", "reason"=>"Failed to parse with all enclosed parsers"}}}}}}
Please help me resolve this !! Thank you !!