Elasticsearch Failed to Parse Time Field

Morgan_Kisienya · June 22, 2017, 6:07am

Hi all,

I have the following field from logstash in json

"DateFirstSeen" => 2017-06-21T19:47:29.782Z,

However elasticsearch fails to parse the filed and returns the following error

[2017-06-22T15:57:06,877][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"nfdump-2017.06.22", :_type=>"nw-events", :_routing=>nil}, 2017-06-22T05:57:05.329Z server.com %{message}], :response=>{"index"=>{"_index"=>"nfdump-2017.06.22", "_type"=>"nw-events", "_id"=>"AVzOYCaTuo1nKLuBo50c", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [DateFirstSeen]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"Invalid format: "Date first seen Date la...""}}}}}

Many thanks for your help

Morgan_Kisienya · June 22, 2017, 8:26am

I got the error.

I was including header line on CSV that was being parsed by logstash, the header line included "Data last seen" as a value i.e.
"DateFirstSeen" => "Date first seen",
I have removed the header line. All is ok.

system · July 20, 2017, 8:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed to parse date field in ELK stack 7.0 Logstash	3	634	June 15, 2020
Failed to parse date field, date_time_parse_exception Elasticsearch	7	2557	February 17, 2021
Logstash couldn't index date field for few log lines Logstash	4	489	July 12, 2019
Illegal_argument_exception: failed to parse date field, date_time_parse_exception Elasticsearch	6	13866	October 8, 2019
Failed to parse date field Logstash	6	948	March 12, 2023

Elasticsearch Failed to Parse Time Field

Related topics