Hi,
i have a log format with a timestamp like this :
Dez 08, 2016 8:17:29 AM
I use a custom grok pattern for it in logstash.
When i want elasticsearch to map it i get a mapper_parsing_exception.
It says invalid format.
How can i fix it?
My template looks like this:
"timestamp": {
"index": "not_analyzed",
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss,SSS||yyyy-MM-dd HH:mm:ss||MMM dd, yyyy HH:mm:ss a",
"doc_values": true
}
In the example above you have Dez as the month? Is this a typo or are you using a non-english locale?
If you are using a non-english locale you may need to add the localeoption to the date field mapping to indicate the locale of the dates in your documents.
Thanks! With the locale Option it works
I'm curious what locale you are using?
For the given example log it is a german locale
Dez for Dezember
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.