DateAndTime fail to index #29

@smalenfant

Description

When receiving events with a DateAndTime field, Elastic can't index the data due to incorrect parsing. The main problem with snmptrap is that it seems like it doesn't know what type of information it is processing and doesn't output the proper format (it's all strings).

  • Version: 6.4.3
  • Operating System: docker
  • Config File (if you have sensitive info, please remove it): Just enable snmptrap
  • Sample Data:
{
"SNMPv2-SMI::enterprises.6431.1.1.1.1.5" => "0",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.12.132.0" => "ping",
"@timestamp" => 2018-11-07T15:24:38.573Z,
"@version" => "1",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.2" => "\a\xE2\v\a\n\x18&\x05-\x05\x00",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.3" => "bwNSCallGotTreatment\nSIP code : 403",
"host" => "172.17.0.1",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.8" => "4",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.12.148.0" => "unkgw - Unknown Gateway",
"SNMPv2-MIB::snmpTrapOID.0" => "SNMPv2-SMI::enterprises.6431.1.1.1.2",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.7" => "2",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.1" => "1657929",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.10" => "None",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.12.146.0" => "",
"log_type" => "snmptrap",
"SNMPv2-SMI::enterprises.6431.1.1.1.1.12.115.0" => "403",
"SNMPv2-MIB::sysUpTime.0" => "4 days, 20:31:00.02"
}
[2018-11-07T15:24:38,712][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"veo-2018.11.07", :_type=>"doc", :_routing=>nil}, #<LogStash::Event:0x70925580>], :response=>{"index"=>{"_index"=>"veo-2018.11.07", "_type"=>"doc", "_id"=>"qT7G7mYBdu7i5xOGeCCi", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse", "caused_by"=>{"type"=>"i_o_exception", "reason"=>"Invalid UTF-8 middle byte 0x5c
at [Source: org.elasticsearch.common.bytes.BytesReference$MarkSupportingStreamInputWrapper@4c35a2e5; line: 1, column: 207]"}}}}}
  • Steps to Reproduce:

Receive any traps with DateAndTime fields.

From the RFC (https://tools.ietf.org/html/rfc2579):

DateAndTime ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "2d-1d-1d,1d:1d:1d.1d,1a1d:1d"
    STATUS       current
    DESCRIPTION
            "A date-time specification.

            field  octets  contents                  range
            -----  ------  --------                  -----
              1      1-2   year*                     0..65536
              2       3    month                     1..12
              3       4    day                       1..31
              4       5    hour                      0..23
              5       6    minutes                   0..59
              6       7    seconds                   0..60
                           (use 60 for leap-second)
              7       8    deci-seconds              0..9
              8       9    direction from UTC        '+' / '-'
              9      10    hours from UTC*           0..13
             10      11    minutes from UTC          0..59

            * Notes:
            - the value of year is in network-byte order
            - daylight saving time in New Zealand is +13

            For example, Tuesday May 26, 1992 at 1:30:15 PM EDT would be
            displayed as:

                             1992-5-26,13:30:15.0,-4:0

            Note that if only local time is known, then timezone
            information (fields 8-10) is not present."
    SYNTAX       OCTET STRING (SIZE (8 | 11))
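As an added example (not code from the issue or from the logstash-input-snmptrap plugin), the following Ruby decodes an RFC 2579 DateAndTime octet string exactly as the table above lays it out: 8 or 11 octets, year in network byte order, every field range-checked, and the optional UTC offset applied. The sample octets are reconstructed from the event dump in the issue and are an assumption: the byte between "\a" and "\x18" is taken to be 0x0A (hour 10), which the rubydebug output printed as a literal newline; with the -5:0 offset that gives 15:24:38.5 UTC, matching the event's @timestamp. The `valid_utf8?` helper shows why Elasticsearch rejects the raw value (0xE2 is a UTF-8 lead byte, 0x0B is not a continuation byte). A Logstash `ruby` filter could call `decode_date_and_time` on the raw field and store the display string or the Time instead of the octets; that wiring is not shown here.

```ruby
require 'time'

# Constructed from the sample event in the issue (assumption: the byte printed as a
# newline between "\a" and "\x18" is 0x0A, i.e. hour = 10).
SAMPLE_OCTETS = [0x07, 0xE2, 0x0B, 0x07, 0x0A, 0x18, 0x26, 0x05, 0x2D, 0x05, 0x00].pack('C*')

# Valid ranges from the RFC 2579 table (seconds may be 60 for a leap second).
FIELD_RANGES = {
  month: 1..12, day: 1..31, hour: 0..23, minutes: 0..59,
  seconds: 0..60, deciseconds: 0..9, tz_hours: 0..13, tz_minutes: 0..59
}.freeze

def check_range(name, value)
  range = FIELD_RANGES.fetch(name)
  raise ArgumentError, "#{name} #{value} outside #{range}" unless range.cover?(value)
  value
end

# Decodes a DateAndTime OCTET STRING (SIZE (8 | 11)).
# Returns { display:, time:, utc_offset: }; utc_offset is nil for the 8-octet form,
# where only local time is known (fields 8-10 absent).
def decode_date_and_time(octets)
  bytes = octets.b.bytes
  unless [8, 11].include?(bytes.length)
    raise ArgumentError, "DateAndTime must be 8 or 11 octets, got #{bytes.length}"
  end

  year    = (bytes[0] << 8) | bytes[1]          # field 1: network byte order
  month   = check_range(:month, bytes[2])
  day     = check_range(:day, bytes[3])
  hour    = check_range(:hour, bytes[4])
  minutes = check_range(:minutes, bytes[5])
  seconds = check_range(:seconds, bytes[6])
  deci    = check_range(:deciseconds, bytes[7])

  # DISPLAY-HINT "2d-1d-1d,1d:1d:1d.1d,1a1d:1d"
  display = format('%d-%d-%d,%d:%d:%d.%d', year, month, day, hour, minutes, seconds, deci)
  utc_offset = nil

  if bytes.length == 11
    sign = bytes[8].chr
    raise ArgumentError, "bad UTC direction #{sign.inspect}" unless ['+', '-'].include?(sign)
    tz_h = check_range(:tz_hours, bytes[9])
    tz_m = check_range(:tz_minutes, bytes[10])
    utc_offset = (sign == '-' ? -1 : 1) * (tz_h * 3600 + tz_m * 60)
    display += format(',%s%d:%d', sign, tz_h, tz_m)
  end

  # Time.new rolls a leap second (60) over into the next minute, the closest
  # representation Ruby's Time offers; the display string keeps the literal 60.
  time = if utc_offset
           Time.new(year, month, day, hour, minutes, seconds + deci / 10.0, utc_offset)
         else
           Time.new(year, month, day, hour, minutes, seconds + deci / 10.0)
         end

  { display: display, time: time, utc_offset: utc_offset }
end

# True only if the octets happen to form valid UTF-8. The sample is not valid
# (0xE2 followed by 0x0B), which is what the mapper_parsing_exception reports.
def valid_utf8?(octets)
  octets.dup.force_encoding(Encoding::UTF_8).valid_encoding?
end

if __FILE__ == $PROGRAM_NAME
  decoded = decode_date_and_time(SAMPLE_OCTETS)
  puts "raw octets valid UTF-8? #{valid_utf8?(SAMPLE_OCTETS)}"
  puts "display: #{decoded[:display]}"
  puts "utc:     #{decoded[:time].utc.iso8601(1)}"
end
```

Returning both the display string and a Time lets a pipeline index a `date`-typed field for range queries while keeping the RFC's human form; range checking each octet rejects a truncated or garbled varbind before it reaches the index instead of silently producing an impossible date.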
