Thank you very much for your time!. I really appreciate it.
I always delete the index before sending new data to it. So it is always starting from scratch.
Here is JSON copy from the current Kibana. Please note there are some other errors, as I need to apply more GROK filters to it. I will do that, as soon as I manage to fix this date issue.
I really do not need a special date field, I am happy if I can map logdate to @timestamp field.
From Kibana:
"type": "fesotprod",
"tags": [
"_jsonparsefailure",
"beats_input_codec_json_applied",
"_dateparsefailure"
],
"@timestamp": "2017-04-27T15:57:43.297Z",
"logdate": "2017-04-26 09:40:33",
"@version": "1",
"beat": {
"hostname": "C700893",
"name": "C700893",
"version": "5.3.0"
},
"host": "C700893",
"fingerprint": "844563e8094c0c1810c04b3347155ad4f0082dff"
},
"fields": {
"@timestamp": [
1493308663297
]
}
Two sample string from the original log (log starts with the date):
2017-04-26 09:40:33] security.DEBUG: Stored the security token in the session. {"key":"_security_secured_area"}
[2017-04-26 09:50:42] request.INFO: Matched route "home_logged_in". {"route_parameters":{"_controller":"AppBundle\Controller\HomeLoggedInController::showAction","_locale":"de","_route":"home_logged_in"},"request_uri":"https://qa.someserver.de/de/home"}
Get mapping call on the index after was created (logdate is the problematic field):
{
"fesotprod": {
"mappings": {
"fesotprod": {
"properties": {
"@timestamp": {
"type": "date"
},
"@uuid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"@version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"beat": {
"properties": {
"hostname": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"version": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
},
"fingerprint": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"host": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"input_type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"logdate": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"message": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"offset": {
"type": "long"
},
"source": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"tags": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
}
Thank you very much.