[parsing date error]: date_time_parse_exception: Failed to parse with all enclosed parsers

Wolfram_Haussig · January 12, 2021, 11:05am

Hello Abdelhalim,

According to the docs here:

Date formats can be customised, but if no format is specified then it uses the default:

"strict_date_optional_time||epoch_millis"

strict_date_optional_time is described here:

A generic ISO datetime parser, where the date must include the year at a minimum, and the time (separated by T ), is optional. Examples: yyyy-MM-dd'T'HH:mm:ss.SSSZ or yyyy-MM-dd .

To solve that, you have to update your template and define your date format like this:

PUT _template/urlhaus
{
  "index_patterns": ["urlhaus-*"], 
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 1,
    "index.lifecycle.name": "hot-warm-cold-delete-6months-policy",  
    "index.lifecycle.rollover_alias": "urlhaus"
  },
  "mappings": {
    "properties": {
    
     "id": {"type": "long" },
     "dateadded": {"type": "date", "format": "yyyy-MM-dd HH:mm:ss"},
     "url": { "type": "text"}, 
     "url_status": {"type": "keyword"},
     "threat": {"type": "text"}, 
     "tags": {"type": "text"}, 
     "urlhaus_link": {"type": "text"}, 
     "reporter": {"type": "keyword"}
    }
  } 
}

Best regards
Wolfram

Topic		Replies	Views
Failed to parse field [host] of type [text] Logstash docker	4	31	October 28, 2024
Failed to parse error for certain records Logstash	5	1573	July 9, 2019
Failed to parse date Logstash	5	1122	December 2, 2019
Date parse error on only one record Logstash	8	401	November 26, 2020
Failed parsing date from field - how to troubleshoot Logstash	2	1011	July 6, 2017

[parsing date error]: date_time_parse_exception: Failed to parse with all enclosed parsers

Related Topics