Hello
I have a bunch of dates to sort, this is the format I have:
2018-05-12 00:00pm GMT (always 00:00pm)
2021-04-01 1:17am GMT
If I try to ingest with no template, elasticsearch detects them as a string, but if I map them as a Date I get this error:
{"type"=>"illegal_argument_exception", "reason"=>"failed to parse date field [2020-08-22 00:00pm GMT] with format [strict_date_optional_time||epoch_millis]", "caused_by"=>{"type"=>"date_time_parse_exception", "reason"=>"Failed to parse with all enclosed parsers"}
I've selected all options, always with the same result, as far as I know the date time string is valid, any idea?
You need to use "match" setting in date filter to provide all your date formats.
https://www.joda.org/joda-time/key_format.html
Thanks for your answer, but I have another question :S
I'm reading about parsing string to date, but I must say its not so clear. But I've learned several things.
Let's ask:
I have two fields with dates like:
2021-07-15 8:18 AM
I'm trying with configs like:
date {
match => [ "myField", "yyyy-mm-dd hh:mm" ]
target => "myField"
}
I get no errrors, but "The indices which match this index pattern don't contain any time fields."
If I try to set the date mapping, then, again, error parsing....
What I'm doin' wrong?
What contains [myField]? Just date or is it entire log?
Just the datetime with a format like "2021-07-15 8:18 AM"
Month should be in capital letters.
Working, but with some "features", thanks @mad_dog!