Failed to index [1] messages. failed to parse field [DateTime] of type [date] in document

Graylog Central (peer support)
5

Hi, I set out to ditch the extractor all together and make a pipeline, like in this post: Failing JSON Extractor - #3 by mulgurul

Here’s my rule:

rule "parse the json log entries"
when
  true
then
  let json_tree = parse_json(to_string($message.json)); 
  let json_fields = select_jsonpath(json_tree, { time: ".$timestamp", remote_addr: ".$remote_addr", body_bytes_sent: ".$body_bytes_sent", request_time: ".$request_time", response_status: ".$response_status", request: ".$request", request_method: ".$request_method", host: ".$host", upstream_cache_status: ".$upstream_cache_status", upstream_addr: ".$upstream_addr" , http_x_forwarded_for: ".$http_x_forwarded_for" , http_referrer: ".$http_referrer", http_user_agent: ".$http_user_agent", http_version: ".$http_version", nginx_access: ".$nginx_access"});

  set_field("remote_addr", to_string(json_fields.remote_addr));
  set_field("body_bytes_sent", to_double(json_fields.body_bytes_sent));
  set_field("request_time", to_double(json_fields.request_time));
  set_field("response_status", to_double(json_fields.response_status));
  set_field("request", to_string(json_fields.request));
  set_field("request_method", to_string(json_fields.request_method));
  set_field("host", to_string(json_fields.host));
  set_field("upstream_cache_status", to_string(json_fields.upstream_cache_status));
  set_field("upstream_addr", to_string(json_fields.upstream_addr));
  set_field("http_x_forwarded_for", to_string(json_fields.http_x_forwarded_for));
  set_field("http_referrer", to_string(json_fields.http_referrer));
  set_field("http_user_agent", to_string(json_fields.http_user_agent));
  set_field("http_version", to_string(json_fields.http_version));
  set_field("nginx_access", to_bool(json_fields.nginx_access));
  set_field("timestamp", parse_date(substring(to_string(json_fields.time), 0, 23), "yyyy-MM-dd HH:mm:ss.SSS"));
  
end

However when I run this rule, all the fields get created but look like this:

host
[]
http_referrer
[]
http_user_agent
[]
http_version
[]
http_x_forwarded_for
[]

Any idea what’s wrong here?

This a sample message that gets received:

**http_x_forwarded_for**
[]
**json**
{ "timestamp": "1658824872.073", "remote_addr": "x.x.x.x", "body_bytes_sent": 147051, "request_time": 0.093, "response_status": 200, "request": "GET /VoiceR/Images/315200dasdadaf00037304824556xsa.jpg HTTP/1.1", "request_method": "GET", "host": "xxxx","upstream_cache_status": "","upstream_addr": "x.x.x.x:x","http_x_forwarded_for": "","http_referrer": "", "http_user_agent": "Dart/2.15 (dart:io)", "http_version": "HTTP/1.1", "nginx_access": true }
**level**
6
**message**
MyHost nginx: { "timestamp": "1658824872.073", "remote_addr": "x.x.x.x", "body_bytes_sent": 147051, "request_time": 0.093, "response_status": 200, "request": "GET /VoicerwerewR/Irwerewmages/31520000037304824556.jpg HTTP/1.1", "request_method": "GET", "host": "xxx","upstream_cache_status": "","upstream_addr": "x.x.x.x:x","http_x_forwarded_for": "","http_referrer": "", "http_user_agent": "Dart/2.15 (dart:io)", "http_version": "HTTP/1.1", "nginx_access": true }
**nginx_access**
false
**remote_addr**
[]
**request**
[]
**request_method**
[]
**request_time**
0