What I mean by doing the same search is selecting "last x minutes" and hitting enter or the search button. I would expect this to give me the last x minutes worth of messages, but it gives me the x minutes worth of messages from the first time of the day that I ran the search. I am using the relative option, so instead of manually specifying a time range, I just used the drop down to select "last 5 minutes".
For example, this morning I launched my browser and logged into graylog. I ran a "last 5 minutes" search at 7:42am and it retrieved the expected data. I just ran the ran the same "last 5 minutes" relative search at 12:19pm after refreshing the webpage. It gives me the same data as the 7:42am search over that 5 minute time frame. I would expect that every time you search using a relative time frame, it would update the query with the current time stamp to reflect it. This behavior did not exist as best as I can remember in version before 2.0.0. I also don't see any JS errors in the console, I am running IE11 (if it matters), and there are no proxies between the browser and graylog. This behavior continues until I close the browser window and reopen it. Thanks! On Friday, May 13, 2016 at 11:19:03 AM UTC-5, Jochen Schalanda wrote: > > Hi David, > > what do you mean with "do the same searches 2 hours later"? Are you > selecting the same time range in the web interface again? Are you simply > reloading the already loaded search results? Are there any (caching) > proxies or reverse proxies between you and the Graylog web interface? Or > maybe even your web browser is caching those pages? > > Cheers, > Jochen > > On Friday, 13 May 2016 15:31:37 UTC+2, David Gerdeman wrote: >> >> I might have found a bug...running graylog 2.0.0 virtual appliance >> recently upgraded to 2.0.1. >> >> On the search tab, using the "relative" search options, if I select >> "search in the last 5 minutes" at 7:30Am, and then I select "search in the >> last 15 minutes" at 7:45Am, both will return the correct time range of data >> the first time they are used as a search parameter. However, if I do the >> same searches 2 hours later, it will retrieve the same data (7:25-7:30 and >> 7:30-7:45). If I view the JSON query for these searches, the time frame it >> uses does not change. I am always able to retrieve the most recent data if >> I use a search time frame I have not used yet. >> >> This behavior is seen in both 2.0.0 and 2.0.1, and appears in both of my >> graylog servers. Both machines have almost identical configurations, but >> have different workloads. Time/timezone show correctly on both the VM and >> the web console. UTC timestamps on the incoming data are being correctly >> shifted to CST time zone. This behavior exists in a freshly configured >> virtual appliance as well. >> >> Any help or ideas would be appreciated. >> Thanks! >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1c27548b-f229-4647-a7d4-46056055bdf7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
