Hello Abdelhalim,
According to the docs here:
Date formats can be customised, but if no format is specified then it uses the default:
"strict_date_optional_time||epoch_millis"
strict_date_optional_time is described here:
A generic ISO datetime parser, where the date must include the year at a minimum, and the time (separated by
T), is optional. Examples:yyyy-MM-dd'T'HH:mm:ss.SSSZoryyyy-MM-dd.
To solve that, you have to update your template and define your date format like this:
PUT _template/urlhaus
{
"index_patterns": ["urlhaus-*"],
"settings": {
"number_of_shards": 1,
"number_of_replicas": 1,
"index.lifecycle.name": "hot-warm-cold-delete-6months-policy",
"index.lifecycle.rollover_alias": "urlhaus"
},
"mappings": {
"properties": {
"id": {"type": "long" },
"dateadded": {"type": "date", "format": "yyyy-MM-dd HH:mm:ss"},
"url": { "type": "text"},
"url_status": {"type": "keyword"},
"threat": {"type": "text"},
"tags": {"type": "text"},
"urlhaus_link": {"type": "text"},
"reporter": {"type": "keyword"}
}
}
}
Best regards
Wolfram