Hi Maciej,

you can take a look at the Elasticsearch query Graylog used to find the messages when clicking on the small "Bug" symbol on the right side of the "Nothing found" area and run that query directly against your Elasticsearch cluster. Comparing that to the query that yields results should at least show if the problem is in the Elasticsearch query itself or in some post-processing done by Graylog.

Cheers,
Jochen

On Tuesday, 24 February 2015 12:25:28 UTC+1, Maciej Strömich wrote:
>
> OK. This is quite annoying and I'm unable to debug this issue. Restart fixes it, I hoped that it will be gone with 1.0 upgrade but it's still there. "-d" only showed errors in Stream rules which were fixed but it wasn't it and the absolute search thing still is preserved.
>
> I've connected the graylog-server to our newrelic APM to see more insights on what's going underneath. I will update this thread after getting some details.
>
> Any more ideas on debugging it?
>
> On Thursday, February 5, 2015 at 11:52:41 AM UTC+1, Maciej Strömich wrote:
>>
>> Hi,
>>
>> I thought that after upgrading the Graylog to 0.92.4 the issues with regards to absolute search are resolved but they are not, at least not completely. Please see attached screenshots.
>>
>> One is returning results, but if you change the timeframe just a little bit it stops to return anything.
>>
>> The same situation was observed yesterday, but today yesterday's timeframe searches are showing proper results.
>>
>> My guess would be the indices being reloaded are fixing the issue, but not sure for 100%.
