"type"=>"illegal_argument_exception", "reason"=>"cannot parse empty date"} in logstash logs

Elastic Stack Elasticsearch
1

Hello,

Getting an error on pushing logs to logstash to elasticseacrch,

"error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [message] of type [date] in document with id 'NVWQaIMBa0kW_rfG7Lb1'", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"cannot parse empty date"}}}}}

As per error, cannot parse empty date, but in the logs there is a key called "time", Any idea of this issue ?

But here are sample logs in my application servers,

{"level":"info","message":"2022-09-23T05:30:12.474630702Z","msg":"poll started at time","time":"2022-09-23T05:30:12Z"}
{"level":"info","msg":"Supervisor can't run, going to sleep","tenant":"event_aigsubscription","time":"2022-09-23T05:30:12Z"}
{"error":"mongo: no documents in result","level":"error","msg":"fail to find lock by criteria","time":"2022-09-23T05:30:12Z"}
{"error":"mongo: no documents in result","level":"error","msg":"fail to find lock by criteria while poll","time":"2022-09-23T05:30:12Z"}

Thanks.

2

What does your logstash config look like?

3

Thanks for your reply,

Here is the logstash configs,

input.conf

input {
beats {
port => 5000
host => "0.0.0.0"
client_inactivity_timeout => "1200"
}
}

input {
beats {
port => 5001
ssl => true
ssl_certificate_authorities => ["/etc/logstash/cert/circles.chained.crt"]
ssl_certificate => "/etc/logstash/cert/circles.crt"
ssl_key => "/etc/logstash/cert/circles.key"
ssl_verify_mode => "force_peer"
host => "0.0.0.0"
}
}

output.conf

output {
elasticsearch {
hosts => ["http://10.60.1.113:9200","http://10.60.1.215:9200","http://10.60.3.146:9200"]
ssl => false
ssl_certificate_verification => false
cacert => "/etc/logstash/root-ca.pem"
user => "logstash"
password => "xxxxxxxxxxxxxxxxx"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

Logstash.yml

pipeline.batch.size: 125
pipeline.batch.delay: 100
config.reload.automatic: false
dead_letter_queue.enable: false
http.host: "10.60.1.11"
path.logs: /var/log/logstash/
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: xxxxxxxxxxxxxxx
xpack.monitoring.elasticsearch.hosts: ["http://10.60.1.113:9200","http://10.60.1.215:9200","http://10.60.3.146:9200"]
xpack.monitoring.elasticsearch.sniffing: false

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.