Illegal_argument_exception mapping dates

Hi, I've this simple filter to parse data, the problem is that sometimes logs are are saved in ES but are not correctly mapped.


                        match => [ "acc-log-timestamp", "yyyy-MM-dd HH:mm:ss", "ISO8601" ]
                        target => "acc-log-timestamp"

The error I found in ES is:

[2018-03-18T02:00:04,001][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {
:action=>["index", {:_id=>"300370831", :_index=>"logstash-2018.03.18", :_type=>"doc", :_routing=>nil}, #<LogStash::Event:0x2f1342db>],
:response=>{"index"=>{"_index"=>"logstash-2018.03.18", "_type"=>"doc", "_id"=>"300370831", "status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"mapper [acc-log-timestamp] of different type, current_type[text],merged_type [date]"}}}}

I looked for that log in ES and the acc-log-timestamp value seems correct.

"acc-log-timestamp": "2018-03-17T23:20:14.000Z",
"@timestamp": "2018-03-18T23:30:16.017Z",

My template is the default one, I didn't change it.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.