Jboss logdate not searchable in kibana

Elastic Stack Elasticsearch
1

Good day,

I have the following log entry in my jboss application

2014-10-23 11:03:38,254 INFO
[com.xxxxxxxxxx.cpg.webservice.cellc.xxxxxxxxx] (Thread-34766
(group:HornetQ-client-global-threads-1976177639))
[RESPONSE]-[WSC]-[VendorID=2, TrxId=xxxxxxxx, StanId=xxxxxx]\n
[com.xxxxxx.cpg.webservice.cellc.xxxxx] (Thread-34766
(group:HornetQ-client-global-threads-1976177639))
[RESPONSE]-[WSC]-[xxxxxx=2, TrxId=xxxxxx, StanId=xxxxxx]

I make use of lumberjack to pass the logs to the central server

My grok config breaks up the file as needed
Here is the grok layout

filter {

  • if [type] == "jboss" {*

  • grok {*

  • match => [message, "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel}
    %{GREEDYDATA:message}"]*

  • }*

  • multiline {*

  •  pattern => "^\D|^$|^\n"*

  •  what => "previous"*

  • }*

  • date {*

  •   # 2013-09-23T11:27:14.177+0200*

  •   match => [*

  •       "timestamp", "MMM dd HH:mm:ss","MMM d HH:mm:ss","MMM dd yyyy

HH:mm:ss","MMM d yyyy HH:mm:ss", "yyyy-MM-dd'T'HH:mm:ss.SSSZ"*

  •  ]*

  •  target => "@timestamp"*

  •  add_field => { "debug" => "timestampMatched"}*

  • }*

  • }*
    }

Here is the logstash output

{

  •   "message" => "2014-10-23 11:56:08,515 INFO

[comxxxx.cpg.services.vendor.networking.VendorConnection] (Thread-34876
(group:HornetQ-client-global-threads-1976177639)) ECHO RESULT : SUCCESS\n
[com.xxxxx.cpg.services.vendor.networking.VendorConnection] (Thread-34876
(group:HornetQ-client-global-threads-1976177639)) ECHO RESULT : SUCCESS",*

  •  "@version" => "1",*
  • "@timestamp" => "2014-10-23T09:56:15.140Z",*
  •      "type" => "jboss",*

  •      "file" =>

"/usr/local/jboss-eap-5.1/jboss-as/server/all-with-hornetq/log/server.log",*

  •      "host" => "xx-xx.xxx.xxx.com",*

  •    "offset" => "114131317",*

  • "timestamp" => "2014-10-23 11:56:08,515",*

}

The problem i have is the timestamp

I created a timestamp field and mapped the value

but when i try and graph on the timestamp in kibana, i get the following
error

Oops!
ClassCastException[org.elasticsearch.index.fielddata.plain.PagedBytesIndexFieldData
cannot be cast to org.elasticsearch.index.fielddata.IndexNumericFieldData]

is there a way to map the timestamp to @timestamp or make the timestamp
field i specified able to be seen in the graph ?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/b63dc656-ac81-4a01-afb5-3d2fa934ed39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.