Problem with containerLabels entry failing date format in ElasticSearch

[patelh6]

Hi,

I have an issue which is preventing the data collected by dockbeat to be sent successfully to elasticsearch. One of the key fields under containerLabels has a datetime format which is not captured by elasticsearch by default e.g.
{ "key": "build-date", "value": "2017-10-12T15:15:58.430231" }

I have tried to use the template file to explicitly refer to all containerLabels entries as string but this seems to be ignored on the elasticsearch end. Is there a way for me to configure a specific key under containerLabels to be a dateformat of my choosing, or is there a way to intercept the formating of the containerLabel fields?

Excerpt of dockbeat.yml

# A template is used to set the mapping in Elasticsearch
# By default template loading is disabled and no template is loaded.
# These settings can be adjusted to load your own template or overwrite existing ones
template:

  # Template name. By default the template name is dockbeat.
  name: \"dockbeat\"

  # Path to template file
  path: \"/opt/dockbeat/dockerbeat.template.json\"

  # Overwrite existing template
  overwrite: true

Excerpt of dockerbeat.template.json

{ "mappings": { "_default_": { "_all": { "enabled": true, "norms": { "enabled": false } }, "dynamic_templates": [ { "template1": { "mapping": { "doc_values": true, "ignore_above": 1024, "index": "not_analyzed", "type": "{dynamic_type}" }, "match": "*" } } ], "properties": { "@timestamp": { "type": "date" }, "containerLabels":{ "properties":{ "key":{ "type": "string" }, "value":{ "type": "string" } } },

Excerpt of error logged by Dockbeat

2017/12/07 03:15:23.863378 client.go:271: INFO Bulk item insert failed (i=49, status=500): {"type":"class_cast_exception","reason":"org.elasticsearch.index.mapper.TextFieldMapper cannot be cast to org .elasticsearch.index.mapper.DateFieldMapper"} 2017/12/07 03:15:23.863390 single.go:78: INFO Error publishing events (retrying): temporary bulk send failure