Graylog 2.5.2 - Can't search on timestamp

Hello,

I’m just evaluating Graylog as a centralized logging service for my organisation. After having installed it, I’m trying to perform some queries. fior example, trying to execute the following
timestamp: 2020-01-31 10:24:06.000
I get this result:
failed to parse date field [2020] with format [yyyy-MM-dd HH:mm:ss.SSS]
However the given timestamp satisfies the mention format. Very confusing ! Here is a screen shot:

Many thanks id advance.
Kind regards,
Nicolas

he @nicolasduminil

first, when you evaluate did you select a EOL version on purpose?

What Elasticsearch Version did you have installed? Why did you not use the absolut timestamp picker for that kind of search?

I don’t think that such a reply is supposed to answer my question. But since you’re answering my question by other two questions, I didn’t use an “absolute timestamp picker” because I don’t know what it is and how to use it. Then, I thought to ask the question on this users forum hoping that someone will be kind enough to let me know how to perform this simple operation, that the documentation doesn’t clearly explain. Not the case here, obviously. But thank you anyway.

You’re using an old version of the software to perform an evaluation. The results of that evaluation are going to be invalid since there are some big differences from v2.5.2 to the latest v3.1.4

Jan asked some very simple questions in order to assist with troubleshooting and your response is a perfect example of how NOT to receive support.
This community is very helpful however, we expect to be provided with enough information to actually troubleshoot.

I’m using this version:
Graylog 3.1.4+1149fe1 on 0e10f7386e1b (Oracle Corporation 1.8.0_232 on Linux 4.15.0-76-generic)
My question is the same. May I have some support now or is it too much to ask ?
Kind regards,
Nicolas

If you would like to be snippy, perhaps you should opt for the paid support?

try:

timestamp:"2020-01-29 14:50:49.000"

Notice there are no spaces in the query… other than between quotes…

1 Like

Thank you so much for having answered my question and for your precious time. But I would like to make you notice that you’re not respecting your own chart. In deed, by calling me “snippy”, you’re answering to the person, not to the issue.

In any case, I think that given these exchanges my evaluation is terminated much earlier then planned. Back to Kibana.

Please receive my humble apologies for having disturbed so much people on this forum with my simple question. It won’t happen again, I prommiss.

Kind regards,
Nicolas

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.