Admin has limited Searching to a month ago

All,
I came across a warning when I clicked on "Show received messages" on any of my INPUTS and it redirected me to the Search page.

I’m unable to click on the Green search button for that input.

My workaround is to select "Preset Times".

I just applied Updates last Thursday.

Updates that were applied

package_updates_applied
[root@graylog graylog-server]# grep Updated: /var/log/yum.log | tail -25
Jan 14 23:49:05 Updated: cronie-1.4.11-24.el7_9.x86_64
Jan 14 23:49:05 Updated: systemd-sysv-219-78.el7_9.5.x86_64
Jan 14 23:49:05 Updated: systemd-python-219-78.el7_9.5.x86_64
Jan 14 23:49:05 Updated: libgudev1-219-78.el7_9.5.x86_64
Jan 14 23:49:05 Updated: unzip-6.0-24.el7_9.x86_64
Jan 27 20:19:39 Updated: 1:openssl-libs-1.0.2k-24.el7_9.x86_64
Jan 27 20:19:39 Updated: 1:openssl-1.0.2k-24.el7_9.x86_64
Jan 27 20:19:40 Updated: mongodb-org-database-tools-extra-4.4.12-1.el7.x86_64
Jan 27 20:19:40 Updated: mongodb-org-tools-4.4.12-1.el7.x86_64
Jan 27 20:19:45 Updated: mongodb-org-server-4.4.12-1.el7.x86_64
Jan 27 20:19:48 Updated: mongodb-org-shell-4.4.12-1.el7.x86_64
Jan 27 20:19:52 Updated: mongodb-org-mongos-4.4.12-1.el7.x86_64
Jan 27 20:19:53 Updated: httpd-tools-2.4.6-97.el7.centos.4.x86_64
Jan 27 20:19:54 Updated: httpd-2.4.6-97.el7.centos.4.x86_64
Jan 27 20:19:56 Updated: kernel-tools-libs-3.10.0-1160.53.1.el7.x86_64
Jan 27 20:20:00 Updated: kernel-tools-3.10.0-1160.53.1.el7.x86_64
Jan 27 20:20:00 Updated: 1:mod_ssl-2.4.6-97.el7.centos.4.x86_64
Jan 27 20:20:00 Updated: mongodb-org-4.4.12-1.el7.x86_64
Jan 27 20:20:03 Updated: 1:openssl-devel-1.0.2k-24.el7_9.x86_64
Jan 27 20:20:07 Updated: python-perf-3.10.0-1160.53.1.el7.x86_64
Jan 27 20:20:37 Updated: polkit-0.112-26.el7_9.1.x86_64
Jan 27 20:20:51 Updated: kernel-headers-3.10.0-1160.53.1.el7.x86_64
Jan 27 20:21:40 Updated: grafana-8.3.4-1.x86_64
Jan 31 22:53:22 Updated: 1:java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el7_9.x86_64
Jan 31 22:53:23 Updated: 1:java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64
[root@graylog graylog-server]#

My Environment:

  • CentOS 7 OS
  • Graylog 4.2.5+59802bf
Elasticsearch

{
  "name" : "graylog.enseva-labs.net",
  "cluster_name" : "graylog",
  "cluster_uuid" : "OMgi3eu5QGiJ3buKOYn4_w",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "oss",
    "build_type" : "rpm",
    "build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
    "build_date" : "2021-01-13T00:42:12.435326Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

MongoDB

db version v4.4.12
Build Info: {
    "version": "4.4.12",
    "gitVersion": "51475a8c4d9856eb1461137e7539a0a763cc85dc",
    "openSSLVersion": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "modules": ,
    "allocator": "tcmalloc",
    "environment": {
        "distmod": "rhel70",
        "distarch": "x86_64",
        "target_arch": "x86_64"
    }
}

I’ll be honest, not sure if I did this myself, something new I don’t know about or it happened a while ago.

To recreate this, I navigated to any INPUT and clicked on Show Received Messages button.
Is it just me or does anyone know?

Logs

GL-logs
2022-01-31T21:45:34.957-06:00 INFO  [AbstractTcpTransport] Enabled TLS for input [GELF TCP/5a62903bffe8b1e04bd2fe89]. key-file="/etc/graylog/graylog3-key.pem" cert-file="/etc/graylog/graylog3-certificate.pem"
2022-01-31T21:45:34.957-06:00 INFO  [InputStateListener] Input [Raw/Plaintext UDP/5e9f732383d72e05f668a26d] is now STARTING
2022-01-31T21:45:34.959-06:00 INFO  [InputStateListener] Input [Beats/619318e9d1f2fd03dc7b4b4c] is now STARTING
2022-01-31T21:45:34.965-06:00 INFO  [InputStateListener] Input [NetFlow UDP/61930ee96cfcf9713fe14bf2] is now STARTING
2022-01-31T21:45:35.279-06:00 INFO  [InputStateListener] Input [Beats/619318e9d1f2fd03dc7b4b4c] is now RUNNING
2022-01-31T21:45:35.300-06:00 INFO  [InputStateListener] Input [GELF TCP/5a62903bffe8b1e04bd2fe89] is now RUNNING
2022-01-31T21:45:35.317-06:00 INFO  [InputStateListener] Input [GELF TCP/5e265ada83d72ec570ab5fe2] is now RUNNING
2022-01-31T21:45:35.378-06:00 INFO  [InputStateListener] Input [Raw/Plaintext UDP/5e9f732383d72e05f668a26d] is now RUNNING
2022-01-31T21:45:35.385-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x591acb01, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.385-06:00 WARN  [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input Beats2Input{title= Beats, type=org.graylog.plugins.beats.Beats2Input, nodeId=null} (channel [id: 0x09a46d84, L:/0:0:0:0:0:0:0:0%0:5044]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x916a3897, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x35268920, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0xec839cbc, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x6ff0be75, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0xf0c997cf, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.398-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x5d461ce1, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x25e6091b, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.398-06:00 WARN  [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=Linux Secure System, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=null} (channel [id: 0x71d3c125, L:/0:0:0:0:0:0:0:0%0:51411]) should be >= 1058576 but is 425984.
2022-01-31T21:45:35.397-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x57ce1e06, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.398-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0x8b9450c1, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.398-06:00 WARN  [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input GELFTCPInput{title=Windows System Secure, type=org.graylog2.inputs.gelf.tcp.GELFTCPInput, nodeId=null} (channel [id: 0xb3dbc0c2, L:/0:0:0:0:0:0:0:0%0:51412]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.399-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Network Devices (Force 10), type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0xd82c9f49, L:/0:0:0:0:0:0:0:0%0:51420]) should be >= 1703936 but is 425984.
2022-01-31T21:45:35.399-06:00 WARN  [UdpTransport] receiveBufferSize (SO_RCVBUF) for input RawUDPInput{title=Security Devices, type=org.graylog2.inputs.raw.udp.RawUDPInput, nodeId=null} (channel [id: 0xfc563139, L:/0:0:0:0:0:0:0:0%0:51430]) should be >= 1048576 but is 425984.
2022-01-31T21:45:35.400-06:00 INFO  [InputStateListener] Input [Raw/Plaintext UDP/5a6965ef83d72e84ac7ca99b] is now RUNNING
2022-01-31T21:45:35.446-06:00 INFO  [InputStateListener] Input [NetFlow UDP/61930ee96cfcf9713fe14bf2] is now RUNNING
2022-01-31T21:45:40.313-06:00 INFO  [connection] Opened connection [connectionId{localValue:12, serverValue:134}] to localhost:27017
2022-01-31T21:45:41.588-06:00 INFO  [connection] Opened connection [connectionId{localValue:13, serverValue:135}] to localhost:27017
2022-01-31T21:45:41.766-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T21:50:12.885-06:00 INFO  [connection] Opened connection [connectionId{localValue:14, serverValue:136}] to localhost:27017
2022-01-31T22:32:04.913-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:05.081-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:08.963-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:43.504-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:43.667-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:32:47.277-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:19.262-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.453-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.541-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.568-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.816-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:20.860-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:27.203-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:27.473-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:29.292-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.
2022-01-31T22:33:39.473-06:00 ERROR [AuditLogger] Unable to write audit log entry because there is no valid license.

Not seeing anything in the Elasticsearch and MongoDB logs.

I did find something weird when I checked the Graylog service status:

[root@graylog graylog-server]# systemctl status graylog-server -l
● graylog-server.service - Graylog server
   Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-01-31 21:45:08 CST; 1h 43min ago
     Docs: http://docs.graylog.org/
 Main PID: 120429 (graylog-server)
   CGroup: /system.slice/graylog-server.service
           ├─120429 /bin/sh /usr/share/graylog-server/bin/graylog-server
           └─120479 /usr/bin/java -Xms3g -Xmx3g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -jar -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm /usr/share/graylog-server/graylog.jar server -f /etc/graylog/server/server.conf -np

Jan 31 21:45:08 graylog.domain.com systemd[1]: Started Graylog server.
Jan 31 21:45:11 graylog.domain.com  graylog-server[120429]: 2022-01-31 21:45:11,420 main ERROR appender File has no parameter that matches element Policies
Jan 31 21:45:11 ggraylog.domain.com  graylog-server[120429]: 2022-01-31 21:45:11,447 main ERROR Unable to locate appender "STDOUT" for logger config "org.graylog2.rest.accesslog"
Jan 31 22:32:00 graylog.domain.com  graylog-server[120429]: SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
Jan 31 22:32:00 graylog.domain.com  graylog-server[120429]: SLF4J: Defaulting to no-operation (NOP) logger implementation
Jan 31 22:32:00 graylog.domain.com  graylog-server[120429]: SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

I’m actually looking into that link shown above, but I figured I’d post this in case someone else may run into this.

Found the first error and corrected it. I don’t think that would make a warning in my global search; it’s just my restaccess log/s.

<Loggers>
        <!-- RestAccessLogFilter -->
        <Logger name="org.graylog2.rest.accesslog" level="debug" additivity="false">
                <AppenderRef ref="RestAccessLog" level="debug"/>
                <AppenderRef ref="STDOUT" level="info"/>
        </Logger>

I do have to clean up the server, I treat it really bad :laughing:

I’m such a moron for not catching this. I blame old age :older_adult:
Solved…
Someone decided to click the tick box here.

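The two log4j2 startup errors in the `systemctl status` output above (a `File` appender carrying `Policies`, and an `AppenderRef` pointing at an undefined `STDOUT` appender) can be caught before a restart with a small lint over the configuration file. This is an added example, not code from the thread or from Graylog; the sample configuration, its file path and the function name `lint_log4j2` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's file): a File appender that wrongly
# carries <Policies>, and a logger that references an undefined "STDOUT".
SAMPLE = """<Configuration>
  <Appenders>
    <File name="RestAccessLog" fileName="/var/log/graylog-server/restaccess.log">
      <PatternLayout pattern="%d %-5p: %c - %m%n"/>
      <Policies>
        <SizeBasedTriggeringPolicy size="50MB"/>
      </Policies>
    </File>
  </Appenders>
  <Loggers>
    <Logger name="org.graylog2.rest.accesslog" level="debug" additivity="false">
      <AppenderRef ref="RestAccessLog" level="debug"/>
      <AppenderRef ref="STDOUT" level="info"/>
    </Logger>
    <Root level="warn">
      <AppenderRef ref="RestAccessLog"/>
    </Root>
  </Loggers>
</Configuration>
"""

def lint_log4j2(xml_text):
    """Return (kind, detail) findings for the two startup errors in the thread."""
    root = ET.fromstring(xml_text)
    findings = []
    defined = set()
    appenders = root.find("Appenders")
    for app in (list(appenders) if appenders is not None else []):
        name = app.get("name")
        if name:
            defined.add(name)
        # A plain File appender does not roll, so log4j2 rejects a <Policies>
        # child. Assumption: element names use the usual capitalisation.
        if app.tag == "File" and app.find("Policies") is not None:
            findings.append(("policies-on-file", name))
    loggers = root.find("Loggers")
    for logger in (list(loggers) if loggers is not None else []):
        owner = logger.get("name") or logger.tag
        for ref in logger.findall("AppenderRef"):
            # Every ref must name an appender declared under <Appenders>.
            if ref.get("ref") not in defined:
                findings.append(("dangling-ref", f"{owner} -> {ref.get('ref')}"))
    return findings

if __name__ == "__main__":
    for kind, detail in lint_log4j2(SAMPLE):
        print(kind, detail)
```

An empty result means every logger's output has a declared destination; a `dangling-ref` on `org.graylog2.rest.accesslog` means part of the REST access log is silently not being written.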