Adding a mutate on these messages on the LS side to drop the timestamp field did the trick. This is sort of puzzling though since that field is a stock LS field and worked in a similar case.
Eg. Mar 12 16:54:14 worked Mar 13 12:59:39 failed Thanks, -Chris On Thu, Mar 13, 2014 at 1:33 PM, Binh Ly <[email protected]> wrote: > You have 2 timestamp fields: @timestamp, and timestamp. Looks like the > timestamp field is the one that cannot be parsed. I see this value in the > first doc: "timestamp":"Mar 13 12:15:39". You either need to format this > properly from the LS side, or use the right date format on the ES side. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "elasticsearch" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/elasticsearch/4msT7NJT-tM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/1a60d95c-f959-4f64-9307-c0aa4ce7e2f3%40googlegroups.com<https://groups.google.com/d/msgid/elasticsearch/1a60d95c-f959-4f64-9307-c0aa4ce7e2f3%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAPWb6toSethsM2gs98DxHGu3h4M2EYbE2ZyAQ_%3DLHB4abnjXwQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
