Date Time parsing problems

cibernicola · July 19, 2021, 3:40pm

Hello
I have a bunch of dates to sort, this is the format I have:

2018-05-12 00:00pm GMT (always 00:00pm)
2021-04-01 1:17am GMT

If I try to ingest with no template, elasticsearch detects them as a string, but if I map them as a Date I get this error:
{"type"=>"illegal_argument_exception", "reason"=>"failed to parse date field [2020-08-22 00:00pm GMT] with format [strict_date_optional_time||epoch_millis]", "caused_by"=>{"type"=>"date_time_parse_exception", "reason"=>"Failed to parse with all enclosed parsers"}

I've selected all options, always with the same result, as far as I know the date time string is valid, any idea?

mad_dog · July 19, 2021, 4:09pm

You need to use "match" setting in date filter to provide all your date formats.

https://www.joda.org/joda-time/key_format.html

cibernicola · July 19, 2021, 7:42pm

Thanks for your answer, but I have another question :S
I'm reading about parsing string to date, but I must say its not so clear. But I've learned several things.
Let's ask:
I have two fields with dates like:

2021-07-15 8:18 AM

I'm trying with configs like:

      date {
        match => [ "myField", "yyyy-mm-dd hh:mm" ]
        target => "myField"
      }

I get no errrors, but "The indices which match this index pattern don't contain any time fields."
If I try to set the date mapping, then, again, error parsing....

What I'm doin' wrong?

mad_dog · July 19, 2021, 7:50pm

What contains [myField]? Just date or is it entire log?

cibernicola · July 19, 2021, 8:44pm

Just the datetime with a format like "2021-07-15 8:18 AM"

mad_dog · July 20, 2021, 6:55am

Month should be in capital letters.

cibernicola · July 20, 2021, 11:38am

Working, but with some "features", thanks @mad_dog!

system · August 17, 2021, 11:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.