What I mean by doing the same search is selecting "last x minutes" and 
hitting enter or the search button.  I would expect this to give me the 
last x minutes worth of messages, but it gives me the x minutes worth of 
messages from the first time of the day that I ran the search.  I am using 
the relative option, so instead of manually specifying a time range, I just 
used the drop down to select "last 5 minutes".

For example, this morning I launched my browser and logged into graylog.  I 
ran a "last 5 minutes" search at 7:42am and it retrieved the expected 
data.  I just ran the same "last 5 minutes" relative search at 
12:19pm after refreshing the webpage.  It gives me the same data as the 
7:42am search over that 5 minute time frame.  I would expect that every 
time you search using a relative time frame, it would update the query with 
the current time stamp to reflect it.  This behavior did not exist as best 
as I can remember in versions before 2.0.0.  I also don't see any JS errors 
in the console, I am running IE11 (if it matters), and there are no proxies 
between the browser and graylog.  This behavior continues until I close the 
browser window and reopen it.

Thanks!

On Friday, May 13, 2016 at 11:19:03 AM UTC-5, Jochen Schalanda wrote:
>
> Hi David,
>
> what do you mean with "do the same searches 2 hours later"? Are you 
> selecting the same time range in the web interface again? Are you simply 
> reloading the already loaded search results? Are there any (caching) 
> proxies or reverse proxies between you and the Graylog web interface? Or 
> maybe even your web browser is caching those pages?
>
> Cheers,
> Jochen
>
> On Friday, 13 May 2016 15:31:37 UTC+2, David Gerdeman wrote:
>>
>> I might have found a bug...running graylog 2.0.0 virtual appliance 
>> recently upgraded to 2.0.1.
>>
>> On the search tab, using the "relative" search options, if I select 
>> "search in the last 5 minutes" at 7:30am, and then I select "search in the 
>> last 15 minutes" at 7:45am, both will return the correct time range of data 
>> the first time they are used as a search parameter.  However, if I do the 
>> same searches 2 hours later, it will retrieve the same data (7:25-7:30 and 
>> 7:30-7:45).  If I view the JSON query for these searches, the time frame it 
>> uses does not change.  I am always able to retrieve the most recent data if 
>> I use a search time frame I have not used yet.  
>>
>> This behavior is seen in both 2.0.0 and 2.0.1, and appears in both of my 
>> graylog servers. Both machines have almost identical configurations, but 
>> have different workloads.  Time/timezone show correctly on both the VM and 
>> the web console.  UTC timestamps on the incoming data are being correctly 
>> shifted to CST time zone.  This behavior exists in a freshly configured 
>> virtual appliance as well.
>>
>> Any help or ideas would be appreciated.
>> Thanks!
>>
>
