Just as another data point, manually cycling the deflector appears to have
fixed the issue.
On Wednesday, November 2, 2016 at 1:21:08 PM UTC-4,
daniel...@hagan-consulting.com wrote:
>
> No, I am using a straight graylog/ES stack, with logstash pre-processing
> syslog and submitting to graylog
No, I am using a straight graylog/ES stack, with logstash pre-processing
syslog and submitting to graylog via GELF connection.
On Wednesday, November 2, 2016 at 1:15:59 PM UTC-4, 123Dev wrote:
>
> Just for curiosity, do you use Kibana or Marvel?
>
> As I previously have mentioned it, our
Just for curiosity, do you use Kibana or Marvel?
As I previously have mentioned it, our problems might be related to the
usage of Kibana / Marvel, as that's a change we recently introduced.
Stopping Kibana didn't make a difference, neither removing the Marvel Agent
from ES
So I dug into ES
I'm seeing the same symptoms you are, at least today. If I leave it at
last 5 minutes, it starts failing to display results 5 minutes after the
last time I recalculate index ranges. So perhaps my overnight issue is
more complex but the same root cause? Hard to say. There must be
something
Thanks for the follow up
Although our symptoms are the same, probably the root causes are different.
In our case, our ES never goes red (not even yellow), and the deflector
alias which is pointing to today's is correct.
The issue at hand is whatever else happens during "Recalculate Index
This seems like a potential bug to me. Due to an unrelated and undiagnosed
issue, my elasticsearch cluster isn't allocating shards successfully every
night. So this problem is recurring for me each day in the following
scenario:
1. Index rotation set to time based, P1D.
2. New index is
How often "Recalculate Index Ranges" are automatically performed?
What controls that?
It appears that when I "recalculate the index Ranges", messages are
detected.
but 5 minutes later, messages in the last 5m window are gone, obviously 15m
window still show data.
but as more time passes on, we
I've been pulling my hair trying to figure this issue out.
I've done countless number of "Recalculate Index Ranges"
In fact maybe my problem is with "Recalculate Index Ranges" because just
before my last try, I was getting messages, and now I don't.
This is also playing havoc on many of the
Surprisingly, I ran into this issue this morning as well. After some
poking around I found that my current index time ranges hadn't been updated
in 15 hours, which I assume was breaking the logic used to select indices
for searching. In System -> Indices, it said the index range hadn't been
Was this ever resolved.
i never had this issue, and been running Graylog for a long time.
Just today with the latest Graylog (2.1.1)
Search * for Last, 5m 15m, 30m, 1hr don't return and results
Search * in the last 2 hours returns messages just few seconds ago,
This is across the board, in a
Hey Edmundo,
Graylog user timezone and messages timezone are correct. Has been setup
that way for over a year, and I have confirmed they are still setup
correctly.
I upgraded to the latest version hoping that would fix it, but still
running into the same issue.
Any other suggestions? Error
Hey Team,
Running into a strange issue with my Graylog2 setup.
Search for anything with last hour returns no results. I can duplicate
the same exact search with last day and see messages from within the last
few seconds.
Only searches with the last hour tag are returning nothing.
v92.3
Hello Zach,
I would start taking a look at the time configuration, specially timezones.
Could you verify the time settings in the machines sending logs, and that both
your Graylog user's timezone and the messages' timezones are correct?
I hope that helps.
Regards,
Edmundo
--
Developer
Tel.:
13 matches
Mail list logo