I might have found a bug...running graylog 2.0.0 virtual appliance recently upgraded to 2.0.1.
On the search tab, using the "relative" search options, if I select "search in the last 5 minutes" at 7:30Am, and then I select "search in the last 15 minutes" at 7:45Am, both will return the correct time range of data the first time they are used as a search parameter. However, if I do the same searches 2 hours later, it will retrieve the same data (7:25-7:30 and 7:30-7:45). If I view the JSON query for these searches, the time frame it uses does not change. I am always able to retrieve the most recent data if I use a search time frame I have not used yet. This behavior is seen in both 2.0.0 and 2.0.1, and appears in both of my graylog servers. Both machines have almost identical configurations, but have different workloads. Time/timezone show correctly on both the VM and the web console. UTC timestamps on the incoming data are being correctly shifted to CST time zone. This behavior exists in a freshly configured virtual appliance as well. Any help or ideas would be appreciated. Thanks! -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/d9db8bec-c034-4712-9505-5cf35a7f1bfa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
