Hi Jochen, I tried the below on the 0.91.3 node, but no joy, exactly the same. Happy to upgrade that node to 0.92.0, as its non-production. The timestamp fixup script, said zero changes where made to documents.
Cheers, Marty On Friday, December 5, 2014 8:31:15 PM UTC+11, Jochen Schalanda wrote: > > Hi Marty, > > this looks kind of odd, indeed. That error should've been fixed in > Graylog2 0.91.1. > > Could you please try to run a manual index cycle (System -> Indices in the > web interface) and then use the Elasticsearch timestamp fixup tool (see > http://www.graylog2.org/news/post/0006-two-new-graylog2-releases for > details) on your Graylog2 indices? > > Sometimes, if the index wasn't cycled and the mapping hasn't been > regenerated, the timestamps are still stored in the wrong format (exactly > like you've described it). > > > Cheers, > Jochen > > > On Friday, 5 December 2014 01:23:53 UTC+1, Marty wrote: >> >> Hi Jochen, >> >> A previous correspondence said : >> Subject: GELF Output option issue for message stream >> - We will fix that one in the Graylog2 0.92.x version line. Another >> bugfix release for Graylog2 0.90.x and 0.91.x is currently not planned. >> >> So all my GELF forwarding testing is from Graylog2 0.92.0. Graylog2 >> receiver just happened to be a 0.91.3 (all non-production servers) >> >> So digging deeper, just wondering why I only see in Elasticsearch and not >> in the Graylog UI (0.91.3), maybe because of the *'timestamp*' at the >> receiving GL2, it's 'morphed'. See below, the sending message (as shown >> from elasticsearch) to the receiving elasticsearch. >> >> Also the 'full_message' on output is only the 'message', so detail is >> removed. Perhaps its the precision timestamp, causing the issue. >> >> These are just Rsyslog messages, using the Graylog2 template ( >> GRAYLOGRFC5424) >> >> Hostnames have removed, from examples - HOST >> >> *Sending Node: GL2 0.92.0 / ES 1.4.1 [GELF TCP /12201]* >> >> $ curl -XGET ' >> http://localhost:9200/graylog2_deflector/_search?q=_id:460d9ef0-7b52-11e4-baaa-005056a6608f&pretty >> ' >> { >> "took" : 14, >> "timed_out" : false, >> "_shards" : { >> "total" : 1, >> "successful" : 1, >> "failed" : 0 >> }, >> "hits" : { >> "total" : 1, >> "max_score" : 1.0, >> "hits" : [ { >> "_index" : "graylog2_0", >> "_type" : "message", >> "_id" : "460d9ef0-7b52-11e4-baaa-005056a6608f", >> "_score" : 1.0, >> >> "_source":{"application_name":"CROND","gl2_source_node":"7116a2ca-a48c-4319-91d9-d15d8e7e4ba4","full_message":"<78>0 >> >> 2014-12-04T12:10:02.078627+11:00 HOST CROND 6078 (root) CMD >> (/usr/lib64/sa/sa1 1 1)",*"timestamp":"2014-12-04 01:10:02.078"*,"message":" >> (root) CMD (/usr/lib64/sa/sa1 1 >> 1)\n","level":6,"process_id":"6078","_id":"460d9ef0-7b52-11e4-baaa-005056a6608f","facility":"clock","source":"HOST","gl2_source_input":"54742bf0e4b0a45edc5d890c","streams":["544db9f4e4b0ea0d9b00cb1c"]} >> } ] >> } >> } >> >> *Receiving Node: GL2 0.91.1 / ES 1.3.4 [GELF TCP/12201]* >> >> I added a static field on Input "gelf_out_test":"gl2" >> >> $ curl -XGET ' >> http://localhost:9200/graylog2_deflector/_search?q=id:460d9ef0-7b52-11e4-baaa-005056a6608f&pretty >> ' >> { >> "took" : 1, >> "timed_out" : false, >> "_shards" : { >> "total" : 1, >> "successful" : 1, >> "failed" : 0 >> }, >> "hits" : { >> "total" : 1, >> "max_score" : 12.366719, >> "hits" : [ { >> "_index" : "graylog2_5", >> "_type" : "message", >> "_id" : "4612a800-7b52-11e4-9f04-005056a61b64", >> "_score" : 12.366719, >> >> "_source":{"gelf_out_test":"gl2","application_name":"CROND","gl2_source_node":"36a66731-b525-4973-a713-d6749c07ad13","full_message":"(root) >> >> CMD (/usr/lib64/sa/sa1 1 >> 1)","version":"1.1","id":"460d9ef0-7b52-11e4-baaa-005056a6608f",*"timestamp":"46893-09-16 >> >> 15:14:38.000"*,"message":" (root) CMD (/usr/lib64/sa/sa1 1 >> 1)\n","process_id":"6078","level":6,"facility":"clock","_id":"4612a800-7b52-11e4-9f04-005056a61b64","source":"HOST","gl2_source_input":"547fa41fe4b009c113677ab5","streams":[],"forwarder":"org.graylog2.outputs.GelfOutput"} >> } ] >> } >> } >> >> Cheers, >> Marty >> > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
