Hi
I think you didn't specify any format for dateTime in the mapping, so by default Elasticsearch waits to get a date with the format strict_date_optional_time or epoch_millis.
According to you and the logs, the dateTime contains the value Nov 29, 2021 @ 11:37:17.627 in the Logstash output, and it does not match either of the two required formats.
So I think you have two possibilities.
- First is to edit the mapping in Elasticsearch to specify that the incoming dates are in syslog date format. Example here
- Or to use the date filter in Logstash to make the change from syslog date to strict_date_optional_time directly in Logstash.
Cad
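As an added example, not from this thread, here is the conversion the second option performs, written in Python: it parses the value quoted above with the strptime equivalent of the Logstash date pattern `MMM dd, yyyy @ HH:mm:ss.SSS` (that pattern is my assumption for the date filter's match option), emits both formats the default mapping accepts, and includes a simplified check showing why the raw value is rejected.

```python
import calendar
import re
from datetime import datetime, timezone

# Value quoted in the post above, as produced by the Logstash output.
RAW_DATETIME = "Nov 29, 2021 @ 11:37:17.627"

# strptime equivalent of the Logstash/Joda pattern "MMM dd, yyyy @ HH:mm:ss.SSS"
# (what you would give the date filter's match option; assumed here).
SOURCE_PATTERN = "%b %d, %Y @ %H:%M:%S.%f"

# Simplified approximation of Elasticsearch's strict_date_optional_time:
# yyyy-MM-dd, optionally 'T' + HH:mm[:ss[.fraction]] and an optional offset.
_STRICT_DATE_OPTIONAL_TIME = re.compile(
    r"^\d{4}-\d{2}-\d{2}"
    r"(T\d{2}:\d{2}(:\d{2}(\.\d{1,9})?)?(Z|[+-]\d{2}:\d{2})?)?$"
)


def accepted_by_default_mapping(value: str) -> bool:
    """True if value looks like strict_date_optional_time or epoch_millis."""
    return value.isdigit() or _STRICT_DATE_OPTIONAL_TIME.match(value) is not None


def parse_source(value: str) -> datetime:
    """Parse the Logstash value; the timezone is assumed to be UTC here."""
    return datetime.strptime(value, SOURCE_PATTERN).replace(tzinfo=timezone.utc)


def to_strict_date_optional_time(value: str) -> str:
    """Rewrite to ISO 8601 with milliseconds, the shape the date filter writes."""
    dt = parse_source(value)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def to_epoch_millis(value: str) -> int:
    """Integer milliseconds since the epoch, the other default-accepted format."""
    dt = parse_source(value)
    return calendar.timegm(dt.utctimetuple()) * 1000 + dt.microsecond // 1000


if __name__ == "__main__":
    print(RAW_DATETIME, "accepted:", accepted_by_default_mapping(RAW_DATETIME))
    iso = to_strict_date_optional_time(RAW_DATETIME)
    print(iso, "accepted:", accepted_by_default_mapping(iso))
    print(to_epoch_millis(RAW_DATETIME))
```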