Get "_dateparsefailure" when use Elasticsearch input plugin

occultskyrong · January 8, 2019, 11:39am

I just use Elasticsearch input plugin

like this :

input {
  elasticsearch {
    hosts => "localhost:9200"
    index => "test"
    query => ""
    size => 1
    scroll => "300s"
    docinfo => true
  }
}

and then , i use date filter

  date {
    match => ["@timestamp","ISO8601","yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"]
    timezone => "Asia/Shanghai"
    target => "timestamp"
    # add_field => { 
    #   "[timestamp][year]" => "%{+yyyy}" 
    #   "[timestamp][month]" => "%{+MM}"
    #   "[timestamp][day]" => "%{+dd}"
    #   "[timestamp][dayOfYear]" => "%{+DD}"
    #   "[timestamp][dayOfWeek]" => "%{+e}"
    #   "[timestamp][hour]" => "%{+HH}"
    #   "[timestamp][minute]" => "%{+mm}"
    #   "[timestamp][keyword]" => "%{+yyyy-MM-dd HH:mm:ss}"
    # }
  }

It's always get an error "_dateparsefailure".
But this field is in this format.

In the test index , the @timestamp field type in the mapping is

"@timestamp": {
  "type": "date"
},

So , who knows what's the error mean ?

thank you ~

occultskyrong · January 9, 2019, 3:01am

just solved by Date Custom Field Timezone

the api for ruby strftime see https://apidock.com/ruby/DateTime/strftime

system · February 6, 2019, 3:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.