I can’t seem to find what version we’re running in webUI, but it was updated in the last couple months to whatever was current at that time.
Last night I was trying to drop some really spammy useless messages and the pipeline rule was not working, or so it seemed. The counters were going up, but the messages were still in the Default Stream. Today looking back, it appears the filter applied a full 6 hours after I configured it.
Is this common? The red line was where I configured the pipeline. The target messages continued to be received for another 6 hours.
I guess you have some kind of time offset with your timestamps. Did you ever try to create a unique log, and then searched it in your logging? how much offset did that have?
Can you try to run a search from yesterday until tomorrow via the timeselector and then have a look, if you have more logs “from the future”?
Graylog saves the UTC timestamp to all logs, and changes the field “timestamp” to the time you configured in the options of you user.
