
I've set up a basic ELK stack to parse and display Apache logs. It has been working for the past month, but for the last two days Elasticsearch has been throwing the error below.

```
MapperParsingException[failed to parse [timestamp]]; nested: IllegalArgumentException[Invalid format: "16/Jul/2016:05:31:27 +0000" is malformed at "/Jul/2016:05:31:27 +0000"];
```

This is a default setup and I haven't made any custom changes in Elasticsearch. The indexes are created date-wise, which is the default behaviour when setting up ELK.

If I stop logstash, then delete the index named logstash-2016.07.16 and start logstash, it will work fine for a day. The next day it will throw the same error on the new index created (logstash-2016.07.17).

Versions: Logstash 2.3.2, Elasticsearch 2.3.2, Kibana 4.5

1 Answer

Your format doesn't conform to the built-in formats of Elasticsearch 2.3! Please refer to 'Built In Formats' under https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html

I did face exactly the same issue! But I tweaked my PHP time object's format to be in accordance with the Elasticsearch mapping!

Curl command to create a mapping for the field 'ClickTime' in a standard format:

```
curl -XPUT "localhost:9200/telemetry/_mapping/DashBoardVisits?pretty" -d "{\"properties\" : {\"ClickTime\" : {\"type\" : \"date\", \"format\" : \"yyyy-MM-dd HH:mm:ss\"}}}"
```

PHP code to create a time object matching the type and format of 'ClickTime' in Elasticsearch:

```php
// Current time, formatted as "yyyy-MM-dd HH:mm:ss" to match the mapping above
$curtime = date_create();
$kibanadate = date_format($curtime, "Y-m-d H:i:s");
```
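
The answer's approach (emit the timestamp in the format the mapping declares) applied to the Apache timestamp from the question, as an added example that is not part of the original answer. The function name `apache_to_es` is an assumption, and the target format is the `yyyy-MM-dd HH:mm:ss` from the mapping above.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache access-log layout: dd/Mon/yyyy:HH:mm:ss +zzzz
APACHE_TS = re.compile(
    r"^(\d{2})/([A-Z][a-z]{2})/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$"
)
# Fixed month table, so parsing does not depend on the process locale.
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def apache_to_es(ts):
    """Convert an Apache timestamp to 'yyyy-MM-dd HH:mm:ss' in UTC.

    Raises ValueError for anything that is not a valid Apache timestamp,
    so a bad value is caught before it reaches the index.
    """
    m = APACHE_TS.match(ts.strip())
    if not m or m.group(2) not in MONTHS:
        raise ValueError("not an Apache timestamp: %r" % ts)
    day, mon, year, hh, mm, ss, sign, off_h, off_m = m.groups()
    offset = timedelta(hours=int(off_h), minutes=int(off_m))
    if sign == "-":
        offset = -offset
    # datetime() rejects impossible values such as 31/Feb or hour 25.
    local = datetime(int(year), MONTHS[mon], int(day),
                     int(hh), int(mm), int(ss), tzinfo=timezone(offset))
    # The target format has no zone field and Elasticsearch reads a
    # zone-less date as UTC, so convert before dropping the offset.
    return local.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


if __name__ == "__main__":
    # Constructed samples; the first is the value from the error message.
    samples = [
        "16/Jul/2016:05:31:27 +0000",
        "16/Jul/2016:23:45:00 -0700",
        "2016-07-16T05:31:27Z",
    ]
    for sample in samples:
        try:
            print(sample, "->", apache_to_es(sample))
        except ValueError as exc:
            print("rejected:", exc)
```
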