2018-02-12T08:29:13.059-06:00 ERROR [Messages] Failed to index [2] messages. Please check the index error log in your web interface for the reason. Error: failure in bulk execution:
[43]: index [graylog_205], type [message], id [17c10ea1-1001-11e8-a12a-0eba063f8ad6], message [MapperParsingException[failed to parse [received_at]]; nested: IllegalArgumentException[Invalid format: “2018-02-12 14:28:02 UTC” is malformed at " 14:28:02 UTC"];]
I want to find the source of those messages and edit the extractors to parse the date the right way. But when I search for the specified message id “17c10ea1-1001-11e8-a12a-0eba063f8ad6” in the specified Graylog index “graylog_205”, no message is found (surely, I think, because they were not indexed). How can I find at least which input the message came through? From which source?
I am not familiar with the processing pipeline; we use extractors on inputs. I have no idea which input this message comes from. How can I check that kind of message if I just know the time and message id?
You can check all inputs that have a “received_at” field. Check that their date converters have the correct format string. If your log sources send dates in varying formats, you might need to resort to the flexible date converter.
I looked into the logs on the Elasticsearch nodes; they show an error message field, where I found the “source” field, and that way I found who sends wrongly formatted logs to Graylog. Thanks to all.
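An added example, not part of the thread: a small Python parser for the bulk-failure lines quoted in the first post. It pulls out the index, message id, failing field and rejected value, and groups failures by value layout so you know which field and date format to look for in the input extractors and converters. The function names are hypothetical, the log format is assumed to match the quoted lines, and the second sample line is constructed.

```python
import re
from collections import Counter

# Sample input: the first failure line is the one quoted in the thread; the
# second is constructed (made-up id) to show how failures are grouped.
SAMPLE_LOG = '''\
2018-02-12T08:29:13.059-06:00 ERROR [Messages] Failed to index [2] messages. Please check the index error log in your web interface for the reason. Error: failure in bulk execution:
[43]: index [graylog_205], type [message], id [17c10ea1-1001-11e8-a12a-0eba063f8ad6], message [MapperParsingException[failed to parse [received_at]]; nested: IllegalArgumentException[Invalid format: “2018-02-12 14:28:02 UTC” is malformed at " 14:28:02 UTC"];]
[44]: index [graylog_205], type [message], id [00000000-0000-0000-0000-000000000001], message [MapperParsingException[failed to parse [received_at]]; nested: IllegalArgumentException[Invalid format: "2018-02-12 14:28:05 UTC" is malformed at " 14:28:05 UTC"];]
'''

# One per-document failure entry. The rejected value is optional and may be
# wrapped in straight or typographic quotes, depending on where it was copied from.
FAILURE_RE = re.compile(
    r'index \[(?P<index>[^\]]+)\], type \[[^\]]+\], id \[(?P<id>[^\]]+)\], '
    r'message \[MapperParsingException\[failed to parse \[(?P<field>[^\]]+)\]\]'
    r'(?:; nested: \w+\[Invalid format: ["\u201c](?P<value>[^"\u201d]*)["\u201d])?'
)

def parse_failures(log_text):
    """Return one dict (index, id, field, value) per failure entry in log_text."""
    return [m.groupdict() for m in FAILURE_RE.finditer(log_text)]

def value_shape(value):
    """Collapse every digit to 9 so values with the same layout group together."""
    return re.sub(r'\d', '9', value) if value else None

def summarize(failures):
    """Count failures per (index, field, value layout)."""
    return Counter((f['index'], f['field'], value_shape(f['value']))
                   for f in failures)

if __name__ == "__main__":
    for (index, field, shape), n in summarize(parse_failures(SAMPLE_LOG)).items():
        print(f"{n} failure(s) in {index}: field {field!r}, value layout {shape!r}")
```

The resulting layout (here `9999-99-99 99:99:99 UTC`) is what the date converter on the offending input has to accept.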