6 Hour delay in pipeline drop

trendal · July 2, 2025, 6:20am

I can’t seem to find what version we’re running in webUI, but it was updated in the last couple months to whatever was current at that time.

Last night I was trying to drop some really spammy useless messages and the pipeline rule was not working, or so it seemed. The counters were going up, but the messages were still in the Default Stream. Today looking back, it appears the filter applied a full 6 hours after I configured it.

Is this common? The red line was where I configured the pipeline. The target messages continued to be received for another 6 hours.

ihe · July 2, 2025, 12:00pm

I guess you have some kind of time offset with your timestamps. Did you ever try to create a unique log, and then searched it in your logging? how much offset did that have?

Can you try to run a search from yesterday until tomorrow via the timeselector and then have a look, if you have more logs “from the future”?

Graylog saves the UTC timestamp to all logs, and changes the field “timestamp” to the time you configured in the options of you user.

Topic		Replies	Views
Pipeline rule changes are becomming effective after one hour Graylog Central (peer support) pipeline-rules	3	254	January 11, 2024
Stream Message Count Widget Time is off Graylog Central (peer support) timestamp	4	576	June 7, 2022
Messages 2 hours behind Graylog Central (peer support) pipeline-rules , time-stamp-issuespl	6	2490	September 14, 2020
Timestamp issue on graylog Graylog Central (peer support) pipeline-rules	6	1897	December 18, 2020
Replacing default Graylog timestamp via Pipeline Processor Graylog Central (peer support) pipeline-rules , debuggingpl	13	11595	March 25, 2019

6 Hour delay in pipeline drop

Related topics