I am attempting to search through incoming pfSense logs. I have an input set up, as well as extractors. From these extractors it appears that I am correctly parsing the data into fields, most notably timestamp. The image below is taken from when I go to my input, "View received messages", which shows a LOT of messages, and I click on one:
Now if I go to the search option at the top of the page, which I presume is the same function as when I "View received messages" on the input screen, all of the option boxes are blank. If I simply enter timestamp in the search box, and do not specify any place to search, which says it should search everywhere, nothing seems to be available:
Now if I specify a particular stream to search in (pfSense-Stream) there is no "data missing" error; however, without pressing Enter, there is only one message presented:
Note that once I press Enter to, what I believe, start the search, I get the following:
Ultimately what I wish to do is to set up a dashboard in Grafana to represent the data. When I go into Grafana, which requires a time field, and enter what I believe should be the correct field, "timestamp", it says that it cannot be found:
I use Cerebro to gain further insight into my ES install / data, and the index in ES according to Cerebro is called pfsense_:
Updated info:
If in the search area with all messages showing, I open a message, I can see the timestamp label and it shows that it is a date:
I am running Graylog 3.2 with Elasticsearch 6.8.9, Cerebro 0.9.0 and Grafana 7.0.1.
Thank you for taking time to review this post.
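A check worth running before pointing Grafana's Elasticsearch data source at the index, added here as an example and not part of the original post: it reads the JSON that an Elasticsearch `_mapping` request returns and lists the fields mapped as type `date`, since only a date-typed field can serve as the time field. The sample mapping, the index name `pfsense_0` and the choice to treat only top-level date fields as candidates are assumptions made for this example.

```python
"""List the date-typed fields in an Elasticsearch index mapping, to see
which field names are candidates for Grafana's "Time field name" box.
The mapping below is constructed to resemble what a Graylog 3.x index
(assumed here to be named pfsense_0) returns from GET /pfsense_0/_mapping
on ES 6.x; it is not taken from any real installation."""
import json

# Constructed sample of an ES 6.x _mapping response for one index.
SAMPLE_MAPPING = json.loads("""
{
  "pfsense_0": {
    "mappings": {
      "message": {
        "properties": {
          "timestamp": {"type": "date", "format": "yyyy-MM-dd HH:mm:ss.SSS"},
          "message":   {"type": "text"},
          "source":    {"type": "keyword"},
          "src_ip":    {"type": "keyword"},
          "event":     {"properties": {"created": {"type": "date"}}}
        }
      }
    }
  }
}
""")


def date_fields(mapping):
    """Return the dotted names of every field mapped as type 'date'
    across all indices in a _mapping response (ES 6.x or 7.x layout)."""
    found = []

    def walk(props, prefix):
        for name, spec in props.items():
            path = f"{prefix}.{name}" if prefix else name
            if spec.get("type") == "date":
                found.append(path)
            if "properties" in spec:  # object field: recurse into children
                walk(spec["properties"], path)

    for index_body in mapping.values():
        mappings = index_body.get("mappings", {})
        # ES 6.x nests properties under a type name (Graylog uses "message");
        # ES 7+ puts "properties" directly under "mappings".
        bodies = [mappings] if "properties" in mappings else mappings.values()
        for body in bodies:
            walk(body.get("properties", {}), "")
    return found


def grafana_time_field_ok(mapping, field):
    """True if `field` is a top-level date field (assumption: only those
    are offered as the Grafana time field in this check)."""
    return field in date_fields(mapping) and "." not in field


if __name__ == "__main__":
    print("date fields:", date_fields(SAMPLE_MAPPING))
    print("timestamp usable:", grafana_time_field_ok(SAMPLE_MAPPING, "timestamp"))
```

Replacing `SAMPLE_MAPPING` with the output of `curl http://localhost:9200/pfsense_*/_mapping` (ES address assumed) runs the same check against a live index.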