1. Describe your incident:
I am attempting to monitor Graylog’s indexer failures automatically, but the API requires a “since” field with an ISO8601 date, which does not support relative formats.
This is extremely frustrating as I now have to calculate relative dates myself to get failures over the past 1 hour, 6 hours, 24 hours, etc.
I could create a script that my monitor would run, but that’s an annoying and unnecessary fix.
Is there any way to pass a relative date, like -1d or something to this API?
You’d think since the search supports relative dates, the API would too…
Understood. I forget that using the Processing and Indexing Failures stream/feature requires an active enterprise license. I don’t think there is any other way to query what you need without a license.
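For the “since” field described in the question, a monitor can convert a relative offset into the ISO8601 value before each call. The following is an added example, not code from this thread or from Graylog; the host name, the endpoint path and the `-1h`/`-1d` offset syntax are assumptions to adapt to your deployment.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Hypothetical offset syntax modelled on the "-1d" in the question.
_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days", "w": "weeks"}
_REL = re.compile(r"^-(\d+)([smhdw])$")


def since_from_relative(spec, now=None):
    """Turn an offset such as '-1h' or '-1d' into an ISO8601 UTC timestamp."""
    m = _REL.match(spec.strip())
    if not m:
        # Reject anything unexpected instead of passing it on to the API.
        raise ValueError(f"unsupported relative offset: {spec!r}")
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:
        # A naive datetime would silently use local time and shift the window.
        raise ValueError("now must be timezone-aware")
    delta = timedelta(**{_UNITS[m.group(2)]: int(m.group(1))})
    ts = now.astimezone(timezone.utc) - delta
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def failures_url(base, spec, now=None,
                 path="/api/system/indexer/failures/count"):
    """Build the request URL; `path` is an assumed endpoint, verify it
    against the API browser of your Graylog version."""
    query = urlencode({"since": since_from_relative(spec, now)})
    return f"{base.rstrip('/')}{path}?{query}"


if __name__ == "__main__":
    # Constructed host name; prints the URLs a monitor would poll.
    for window in ("-1h", "-6h", "-24h"):
        print(failures_url("https://graylog.example.org:9000", window))
```
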