i have a problem with my Graylog appliance:
in System\Graylog-Cluster\Outgoing-messages i see that on 26 October we had 7.86 Gb of messages stored, but if i search for those messages, i have no results.
How can i retrieve these logs? Can i serach for them on ssh terminal?
Usually it’s related to timestamp parsing.
Try to check other dates
thanks for your answer.
Can you please tell me how should i do that?
Have you tried to check “Show all messages” in the Input/Sidecar?
So no matter when log was received you will see it
Tried to put Show all messages, and went backwards to retrieve the Log, but it showed this error
esult window is too large, from + size must be less than or equal to:  but was . See the scroll api for a more efficient way to request large data sets. This limit can be set by changing the [index.max_result_window] index level setting