No, this should not be a timezone issue, as the extractors are re-checked every second.
Do you have a lot of Grok patterns maybe? On Saturday, 6 June 2015 00:43:46 UTC+2, Jesse Skrivseth wrote: > > I don't have much new to report other than the observation that it takes > *exactly* 2 hours for newly created extractors to take effect. Could this > be a clock/timezone issue? All servers are UTC with accurate clocks. What > is coming in from NXLog and the devices behind it I cannot guarantee, but I > can't think of a reason that would matter. > > On Monday, June 1, 2015 at 8:30:40 AM UTC-6, Jesse Skrivseth wrote: >> >> Thanks to everyone for continuing to pursue this odd issue. >> >> Arie - We are using nxlog-ce version 2.9.1347 >> >> Kay - I can't seem to recreate the problem (yet) in a test environment, >> whether 1.0.2 or 1.1.0. There are some (possibly irrelevant) differences >> between test and production, but I'll mention them anyway. Production is >> built on Amazon Web Services using the provided 1.0.2 AMIs. Test is running >> locally from the 1.0.2 OVA images in ESXi. Test and production have >> different volumes of data coming in and different devices are sending logs. >> The only place I seem to be having trouble is in production with messages >> coming from the one network appliance I am focused on at the moment. I >> haven't had a need to add/update extractors for other devices yet, so I'm >> not sure if the problem is limited to that one device or is universal for >> this production instance. I will test more generally, with more devices, >> and see if I can find a pattern. >> > -- You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
