Adding a mutate on these messages on the LS side to drop the timestamp
field did the trick. This is sort of puzzling though since that field is a
stock LS field and worked in a similar case.
Eg.
Mar 12 16:54:14 worked
Mar 13 12:59:39 failed
Thanks,
-Chris
On Thu, Mar 13, 2014 at 1:33 PM, Binh Ly binhly...@yahoo.com wrote:
You have 2 timestamp fields: @timestamp, and timestamp. Looks like the
timestamp field is the one that cannot be parsed. I see this value in the
first doc: timestamp:Mar 13 12:15:39. You either need to format this
properly from the LS side, or use the right date format on the ES side.
--
You received this message because you are subscribed to a topic in the
Google Groups elasticsearch group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/4msT7NJT-tM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/1a60d95c-f959-4f64-9307-c0aa4ce7e2f3%40googlegroups.comhttps://groups.google.com/d/msgid/elasticsearch/1a60d95c-f959-4f64-9307-c0aa4ce7e2f3%40googlegroups.com?utm_medium=emailutm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CAPWb6toSethsM2gs98DxHGu3h4M2EYbE2ZyAQ_%3DLHB4abnjXwQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
