Surprisingly, I ran into this issue this morning as well. After some poking around I found that my current index time ranges hadn't been updated in 15 hours, which I assume was breaking the logic used to select indices for searching. In System -> Indices, it said the index range hadn't been updated in 15 hours. I went to System -> Indices and selected Maintenance -> Recalculate index ranges, and that fixed it.
On Monday, October 31, 2016 at 4:02:44 PM UTC-4, 123Dev wrote: > > Was this ever resolved. > i never had this issue, and been running Graylog for a long time. > > Just today with the latest Graylog (2.1.1) > Search * for Last, 5m 15m, 30m, 1hr don't return and results > Search * in the last 2 hours returns messages just few seconds ago, > This is across the board, in a clustered environment, with multiple > sources. > Impossible for all those sources to have the wrong dates. > I checked all Graylog nodes ES Nodes and they all have the correct dates / > timezones. > > What gives? > Really puzzling. > > Thanks > > On Wednesday, April 15, 2015 at 4:22:18 PM UTC-4, Zi Dvbelju wrote: >> >> Hey Edmundo, >> >> Graylog user timezone and messages timezone are correct. Has been setup >> that way for over a year, and I have confirmed they are still setup >> correctly. >> >> I upgraded to the latest version hoping that would fix it, but still >> running into the same issue. >> >> Any other suggestions? Error logs don't show any issues. >> >> Only relative searches return data; nothing from absolute. >> >> Thanks, >> Z >> >> >> On Tuesday, January 20, 2015 at 2:40:53 PM UTC-5, Edmundo Alvarez wrote: >>> >>> Hello Zach, >>> >>> I would start taking a look at the time configuration, specially >>> timezones. Could you verify the time settings in the machines sending logs, >>> and that both your Graylog user's timezone and the messages' timezones are >>> correct? >>> >>> I hope that helps. >>> >>> Regards, >>> Edmundo >>> >>> -- >>> Developer >>> >>> Tel.: +49 (0)40 609 452 077 >>> Mobile: +49 (0)171 27 22 181 >>> Mobile (US): +1 (713) 321 8126 >>> Fax.: +49 (0)40 609 452 078 >>> >>> TORCH GmbH >>> Steckelhörn 11 >>> 20457 Hamburg >>> Germany >>> https://www.torch.sh/ >>> >>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 >>> Geschäftsführer: Lennart Koopmann (CEO) >>> >>> > On 20 Jan 2015, at 19:34, Zi Dvbelju <[email protected]> wrote: >>> > >>> > Hey Team, >>> > >>> > Running into a strange issue with my Graylog2 setup. >>> > >>> > Search for anything with "last hour" returns no results. I can >>> duplicate the same exact search with "last day" and see messages from >>> within the last few seconds. >>> > >>> > Only searches with the "last hour" tag are returning nothing. >>> > >>> > v92.3 >>> > >>> > Thanks, >>> > Zach >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups "graylog2" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> > For more options, visit https://groups.google.com/d/optout. >>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/badcad55-a5cc-4d00-880d-70ade12aff92%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
