Obvious they should change. ;) But the problem is that they are all over the place. If I do an all-time search for something simple, like source:xxx, then do any type of histogram, every time that histogram refreshes the whole graph changes, even messages from days/weeks ago, by huge magnitudes (10 million messages from 14 days ago suddenly becomes 20,000).
I am baffled. This occurs in two instances with totally different data sets. One is running 1.1.3 and the other is running 1.1.6. We do have a process that uses the Elasticsearch S3 plugin to archive closed indices and deletes them using elasticsearch API directly. Maybe that's somehow causing problems? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/96d53c4a-6816-452a-9146-a369cbf9f0e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
