I’m new to Graylog and I’m trying to feel my way around. I’ve referred to the documentation and googled the issue, but I may be doing a poor job at googling.
Here’s my issue:
I can go to Search > Search in the last 1 day > and I get my results.
However, when I go to create an event definition to configure an alert:
Alerts > Event Definitions > Create Event Definition > Conditions > Filter and Aggregation > I get nothing (as indicated).
The configured event was not setting off any alarms
Even so, I was also having endlessly many email notifications every time the alarm SHOULD have been triggered.
I had to also search within the past 5+ hours to see any events in search or in event definition filter.
It looks like this was all due to the graylog server time zone being in UTC
I knew it was set to be in UTC by default, but I thought syncing the Linux server to a local NTP server would resolve that, which it did for the Linux time, just not for the Graylog time.
Windows 10 Event Logs were being collected via the SolarWinds log forwarder (super easy to use and set up, by the way) and the timestamps being applied were the Windows system times (EST in 24-hour format).
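The mechanism described in this post, reproduced as an added example that is not part of the original post or of Graylog's own code: a Windows event stamped in EST with no UTC offset is read by the server as if it were already UTC, so it lands five hours in the past and drops out of any short relative search window, which is exactly why the event definition filter shows nothing and a search has to reach back 5+ hours. The script assumes the source hosts run in `America/New_York` (a stand-in for the EST hosts in the post), uses a constructed sample event and a constructed receive time, and adds a simple check that flags messages whose naive timestamp sits a near-whole number of hours from the time the collector received them, the usual fingerprint of this kind of timezone mismatch.

```python
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo

# Assumption: the Windows hosts that produce these logs run in US Eastern time.
SOURCE_TZ = ZoneInfo("America/New_York")
FMT = "%Y-%m-%d %H:%M:%S"


def parse_as_utc(ts: str) -> datetime:
    """Failure mode: a timestamp with no offset is taken to already be UTC."""
    return datetime.strptime(ts, FMT).replace(tzinfo=timezone.utc)


def parse_localized(ts: str, tz: ZoneInfo = SOURCE_TZ) -> datetime:
    """Correct handling: attach the source host's zone, then normalize to UTC."""
    return datetime.strptime(ts, FMT).replace(tzinfo=tz).astimezone(timezone.utc)


def skew_hours(ts: str, tz: ZoneInfo = SOURCE_TZ) -> float:
    """How far the wrong interpretation lands from the true instant, in hours."""
    return (parse_localized(ts, tz) - parse_as_utc(ts)).total_seconds() / 3600


def in_search_window(event_utc: datetime, now_utc: datetime, minutes: int) -> bool:
    """A relative window like 'search in the last N minutes', evaluated in UTC."""
    return now_utc - timedelta(minutes=minutes) <= event_utc <= now_utc


def likely_tz_mismatch(event_ts: str, received_utc: datetime, tolerance_min: int = 10) -> bool:
    """Flag a message whose naive timestamp is a near-whole number of hours away
    from when the collector received it: the signature of a source clock in
    one zone being read as UTC. Ordinary network delay is seconds, not hours."""
    delta_h = (received_utc - parse_as_utc(event_ts)).total_seconds() / 3600
    nearest = round(delta_h)
    return nearest != 0 and abs(delta_h - nearest) * 60 <= tolerance_min


# Constructed sample: one Windows event stamped 14:00 local time on a January
# day (EST, UTC-5). The collector received it a few seconds later, at 19:00:07Z.
SAMPLE_EVENT_TS = "2021-01-15 14:00:00"
SAMPLE_RECEIVED = datetime(2021, 1, 15, 19, 0, 7, tzinfo=timezone.utc)


def demo() -> dict:
    """Evaluate the sample against a 5-minute window one minute after the event."""
    now = datetime(2021, 1, 15, 19, 1, 0, tzinfo=timezone.utc)
    return {
        "skew_hours": skew_hours(SAMPLE_EVENT_TS),
        "seen_in_5min_window_when_localized": in_search_window(
            parse_localized(SAMPLE_EVENT_TS), now, 5),
        "seen_in_5min_window_when_read_as_utc": in_search_window(
            parse_as_utc(SAMPLE_EVENT_TS), now, 5),
        "flagged_as_mismatch": likely_tz_mismatch(SAMPLE_EVENT_TS, SAMPLE_RECEIVED),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fix on the ingestion side is the same idea as `parse_localized`: tell the pipeline which zone the source clock is in before the timestamp is stored, rather than changing the server's own zone. The `likely_tz_mismatch` check is a cheap way to confirm the diagnosis across a batch of messages before touching any configuration.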