failed to parse timestamp elasticsearch

Question

I'm new to elasticsearch and am trying to create my first index but am having issues with a timestamp field that was working before...

I created my index like this:

PUT /kafkasdp
{
  "mappings": {
    "kafka_logs": {
      "properties": {
        "timestamp": {
          "type": "date"
        },
        "log_level": {
          "type": "string"
        },
        "message1": {
          "type": "string"
        },
        "message2": {
          "type": "string"
        }
      }
    }
  }

}

and then I'm trying to send data like this:

post /kafkasdp/kafka_logs
{
  "timestamp": "2017-02-03 19:27:20,606",
  "log_level": "INFO",
  "message2": "Deleting segment 1 from log omega-replica-sync-dev-8. (kafka.log.Log)"
}

but keep getting this error:

{
  "error": {
    "root_cause": [
      {
        "type": "mapper_parsing_exception",
        "reason": "failed to parse [timestamp]"
      }
    ],
    "type": "mapper_parsing_exception",
    "reason": "failed to parse [timestamp]",
    "caused_by": {
      "type": "illegal_argument_exception",
      "reason": "Invalid format: \"2017-02-03 19:27:20,606\" is malformed at \" 19:27:20,606\""
    }
  },
  "status": 400
}

I thought my timestamp is a valid date type?

Answer 1

Read about date type on Elasticsearch reference: you should specify format of date you are expecting in your documents:

PUT your_index_name
{
  "mappings": {
    "your_index_type": {
      "properties": {
        "date": {
          "type":   "date",
          "format": "yyyy-MM-dd HH:mm:ss,SSS"
        }
      }
    }
  }
}

As you did not specify it, Elasticsearch will expect date value in ISO format: yyyyMMdd'T'HHmmss.SSS'Z' (e.g., 2017-02-03T19:27:20.606Z)