I'm ingesting Red Hat AMQ log with filebeat, only filebeat claims the ingest pipeline fails to parse the date time of every event. But testing a sample event/document from the filebeat log, the pipeline works fine; that beats me. Hints appreciated, TIA!
filebeat log snippet:
\"reason\":\"failed to parse date field [2023-09-18 20:39:54,127] with format [strict_date_optional_time||epoch_millis]\",\"caused_by\":{\"type\":\"date_time_parse_exception\",\"reason\":\"date_time_parse_exception: Failed to parse with all enclosed parsers\"}}}, dropping event!","service.name":"filebeat","ecs.version":"1.6.0"
Testing the above failed doc in the pipeline is successful though:
The issue is when the data is actually written to the index; that is when the schema / format is validated, which does not fit strict_date_optional_time||epoch_millis.
The pipeline can parse the source data, but it cannot be written.
What I see is 2 things: first, that date is in neither of the formats above,
and second, you may have a "locale" issue with the date format (the , in the millis instead of .), though I am not completely sure if that will actually be an issue.
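An added example, not part of the original thread: a small Python triage helper that pulls the rejected value and the mapping's accepted formats out of the Filebeat rejection message quoted above, then re-renders the value as ISO 8601 (`T` separator, `.` before the millis), a form `strict_date_optional_time` accepts. The function names are hypothetical, and `AMQ_LAYOUT` is an assumption inferred from the single timestamp shown in the log snippet.

```python
import re
from datetime import datetime

# Constructed sample: the rejection reason from the Filebeat log snippet above.
SAMPLE = (r'\"reason\":\"failed to parse date field [2023-09-18 20:39:54,127] '
          r'with format [strict_date_optional_time||epoch_millis]\"')

# Shape of the rejection message as it appears in the quoted log line.
REJECT_RE = re.compile(
    r"failed to parse date field \[(?P<value>[^\]]*)\] "
    r"with format \[(?P<formats>[^\]]*)\]"
)

# Assumption: layout of the AMQ timestamp, inferred from the one value on the page.
AMQ_LAYOUT = "%Y-%m-%d %H:%M:%S,%f"


def parse_rejection(line):
    """Return (rejected value, list of formats the mapping accepts) or None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    return m.group("value"), m.group("formats").split("||")


def to_iso8601(value, layout=AMQ_LAYOUT):
    """Re-render the source timestamp as ISO 8601 with millisecond precision."""
    return datetime.strptime(value, layout).isoformat(timespec="milliseconds")


def diagnose(line):
    """Summarise one rejection: what was sent, what the field accepts, ISO form."""
    parsed = parse_rejection(line)
    if parsed is None:
        return None
    value, formats = parsed
    try:
        iso = to_iso8601(value)
    except ValueError:
        iso = None  # value is not in the assumed AMQ layout either
    return {"value": value, "mapping_formats": formats, "iso8601": iso}


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

If the `iso8601` result is populated, the field that reached the index still held the raw source string rather than a parsed date, which matches the explanation in the reply above.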