Indexer failure

1. Describe your incident:
failed indexing attempts

2. Describe your environment:

• OS Information:
  ubuntu 22.04
• Package Version:
  graylog 5.x
• Service logs, configurations, and environment variables:

OpenSearchException[OpenSearch exception [type=mapper_parsing_exception, reason=failed to parse field [data_win_eventdata_processCreationTime] of type [date] in document with id '885fc8f3-0cd9-11ef-b0e7-6ad7c5bf06bb'. Preview of field's value: '0x1daa0e631450c9e']]; nested: OpenSearchException[OpenSearch exception [type=illegal_argument_exception, reason=failed to parse date field [0x1daa0e631450c9e] with format [strict_date_optional_time||epoch_millis]]]; nested: OpenSearchException[OpenSearch exception [type=date_time_parse_exception, reason=date_time_parse_exception: Failed to parse with all enclosed parsers]];

3. What steps have you already taken to try and solve the problem?
NIL

4. How can the community help?

how do i resolve this issue

So something is wrong in your parsing, you have a field that normally is a date, but the value being sent to opensearch is 0x1daa0e631450c9e which is not a date. You will need to figure out what that value is ending up in that field. Otherwise you can manually set that field to be a string, but then it wont act like a date anymore, which probably isnt ideal.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.