ES fails to parse date/timestamp for Win IIS logs, logs not indexed - PART 2

I had an issue in a previous thread here:

Logs were failing to be indexed properly due to the date/timestamp field, and we determined that creating a new index and migrating the stream to the new index resolves the issue. I’ve discovered that this is only a temporary fix, as over time the logs eventually stop again, index failure messages begin to appear again, and we are back to square one.

If I go and create another new index and migrate the stream, it starts working perfectly again, but eventually stops. My theory (which I’m testing right now and will update) is that migrating the stream to a new index works up until index rotation. I think that once the index is rotated and a new index is in use, errors begin to appear again and logs do not show up in the stream.

Is anyone able to explain why this might be and maybe help me with a permanent solution to this problem? Any help would be greatly appreciated.

Can you post an example message? Does all the data from your previous post still hold true?

Hey @big-tuna-28

Sorry to hear you're still having issues. Adding on to @tmacgbay, can you show us the updated settings you have and/or any visuals?

If possible, a stack trace from when the index rotated and started receiving error messages would be great also. Can you reproduce this issue by manually rotating the index?
