1. Describe your incident:
I’m receiving a lot of Indexer failures and can’t find the source of it. The Message details:
OpenSearchException[OpenSearch exception [type=mapper_parsing_exception, reason=failed to parse field [filebeat_journald_custom_syslog_timestamp] of type [date] in document with id '59d1ac94-62ed-11f0-857b-b2a58af684c0'. Preview of field's value: 'Jul 17 11:06:39']]; nested: OpenSearchException[OpenSearch exception [type=illegal_argument_exception, reason=failed to parse date field [Jul 17 11:06:39] with format [strict_date_optional_time||epoch_millis]]]; nested: OpenSearchException[OpenSearch exception [type=date_time_parse_exception, reason=Failed to parse with all enclosed parsers]];
So I see that the Date Format is wrong, but I’m unable to find the source which generates this entry.
2. Describe your environment:
-
OS Information: Debian 12
-
Package Version: Docker
3. What steps have you already taken to try and solve the problem?
Searching on some local machines, but It’s to many
4. How can the community help?
Helping me finding the source of this entry so I’m able to correctly setup filebeat