Hello Sandro, it looks like you've only run the tool for a single Elasticsearch index (graylog2_0). Graylog2 usually is using multiple indices for storing messages (which can be configured in the retention settings in your graylog2.conf). It's very likely that the messages with the defective timestamps are stored in one of the other indices.
I would suggest that you run the fixup tool for all the remaining indices as well. If the graphs still start at 1/1/1970 after that, we'll have to investigate further. Cheers, Jochen Am Freitag, 21. November 2014 11:28:29 UTC+1 schrieb Sandro Roth: > > Hi there > > We upgraded graylog and elasticsearch from 0.20.2 and 0.90.10 to 0.91.3 > and 1.3.4. > After the upgrade we noticed that searching through everything (all > messages) results in a graph that starts on Jan 1st 1970. (see attachment) > I remembered reading about this in the release notes so I went ahead and > ran the fixup script on our test setup. > > # ./graylog2-es-timestamp-fixup -F -i graylog2_0 > 2014-11-21 11:06:16,428 WARN : org.elasticsearch.discovery - [spch9320] > waited for 3s and no initial state was set by the discovery > 2014-11-21 11:06:17,135 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (8.86% checked) > 2014-11-21 11:06:17,440 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (17.72% checked) > 2014-11-21 11:06:17,676 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (26.57% checked) > 2014-11-21 11:06:17,866 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (35.43% checked) > 2014-11-21 11:06:18,021 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (44.29% checked) > 2014-11-21 11:06:18,141 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (53.15% checked) > 2014-11-21 11:06:18,244 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (62.00% checked) > 2014-11-21 11:06:18,356 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (70.86% checked) > 2014-11-21 11:06:18,431 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (79.72% checked) > 2014-11-21 11:06:18,510 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (88.58% checked) > 2014-11-21 11:06:18,586 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (97.44% checked) > 2014-11-21 11:06:18,616 INFO : org.graylog2.ESTimestampFixup - Changed 0 > of total 22579 documents (100.00% checked) > > > So it didn't change anything in the index, why not? The problem is still > there in graylog.. > Am I missing something? > > > Thanks for your help > Regards > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
