Rollup fails with: ElasticsearchParseException: failed to parse date field #33048
Description
ELK 6.3, Windows
We are using the RollUp API to process tomcat access logs. The logs have a "timestamp" field formatted as follows (mapping):
"timestamp": {
"type": "date",
"format": "date_time"
}
The Rollup fails with the following message:
ElasticsearchParseException: failed to parse date field [0] with format [date_time]
We don't have any other problems with the field timestamp (e.g. in Kibana).
Rollup Job (/accessPerformance5):
{
"index_pattern": "access-test",
"rollup_index": "rollup-test",
"cron": "0 * * * * ? *",
"page_size": 100,
"groups": {
"date_histogram": {
"field": "timestamp",
"interval": "1d"
},
"terms": {
"fields": ["category", "subcategory", "method"]
}
},
"metrics": [
{
"field": "timeTaken",
"metrics": ["min", "max", "avg"]
}
]
}
Index:
"mappings": {
"doc": {
"properties": {
"category": {
"type": "keyword"
},
"method": {
"type": "keyword"
},
"subcategory": {
"type": "keyword"
},
"timeTaken": {
"type": "long"
},
"timestamp": {
"type": "date",
"format": "date_time"
},
"url": {
"type": "text"
},
"userAgent": {
"type": "text"
}
}
}
}