Graylog Query Using Time

Description of your problem

Trying to create a graylog query that searches using the time stamp. The search bar refuses to use time as a source.

timestamp:["2014-12-01 00:00:00.000" TO "2014-12-31 00:00:00.000"]

Description of steps you’ve taken to attempt to solve the issue

Tried different ways of putting it in the search bar, and selecting the timestamp from the message and adding it to the query, but the results remain empty.

Operating system information

  • RHEL

Hello && Welcome

Correct me if I'm wrong, but are you searching in the YEAR 2014? If so, how are you retaining all your logs for that long?
I have Graylog 4.2 installed in my lab; unfortunately I could not reproduce your issue.

We are searching by the year 2014 for one of the queries, and that one does work now. The issue I now have is that I am trying to use timestamp as a variable in the search query itself. This may not be something that can be done. We are trying to have a query that looks at the login time and records on a dashboard any time there is a login time past closing hours.

The query can be found below:
EventID:4624 AND timestamp:["*11:00" TO "*23:00"]

Hello,

You may want to look at these posts.

And this gives added details.

hope that helps

This could work. We have not started using pipeline rules yet, just queries, but this did solve my problem in a development system.
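The thread above ends with the search-side approach (a wildcard inside a `timestamp` range) giving empty results and a pipeline-rule approach working instead. A Lucene-style range on `timestamp` compares absolute instants, so "any day, between 11:00 and 23:00" has to be expressed by deriving a time-of-day field first and then searching on that. The following Python is an added example, not code from the thread or from Graylog, showing the logic such an enrichment step applies before the dashboard query: parse the UTC timestamp Graylog stores, convert it to the site's local time, and flag EventID 4624 logons that fall outside business hours or on a weekend. The sample messages, the business-hours window, the workday set, and the fixed UTC-5 site offset are all constructed assumptions for the demonstration.

```python
from datetime import datetime, time, timedelta, timezone

# Constructed sample messages in the field layout a Windows event log
# typically has after ingestion. Graylog stores 'timestamp' in UTC.
SAMPLE_MESSAGES = [
    {"timestamp": "2022-03-01T14:05:12.000Z", "EventID": 4624, "TargetUserName": "alice", "LogonType": 2},
    {"timestamp": "2022-03-01T23:41:03.000Z", "EventID": 4624, "TargetUserName": "bob", "LogonType": 10},
    {"timestamp": "2022-03-02T03:17:45.000Z", "EventID": 4624, "TargetUserName": "svc_backup", "LogonType": 5},
    {"timestamp": "2022-03-02T03:18:00.000Z", "EventID": 4625, "TargetUserName": "carol", "LogonType": 3},
    {"timestamp": "2022-03-05T15:00:00.000Z", "EventID": 4624, "TargetUserName": "dave", "LogonType": 2},
]

# Assumed site settings for the example. A fixed offset (UTC-5) is used so the
# block runs without tzdata; a real rule should use a named IANA zone so DST
# shifts do not move the closing-hours boundary by an hour twice a year.
SITE_TZ = timezone(timedelta(hours=-5), name="EST")
BUSINESS_OPEN = time(8, 0)
BUSINESS_CLOSE = time(18, 0)
WORKDAYS = {0, 1, 2, 3, 4}  # Monday..Friday (datetime.weekday numbering)


def parse_graylog_timestamp(ts: str) -> datetime:
    """Parse Graylog's 'YYYY-MM-DDTHH:MM:SS.mmmZ' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def is_after_hours(utc_dt: datetime) -> bool:
    """True when the instant falls outside the business window in local time,
    or on a non-working day. The window is half-open: [open, close)."""
    local = utc_dt.astimezone(SITE_TZ)
    if local.weekday() not in WORKDAYS:
        return True
    return not (BUSINESS_OPEN <= local.time() < BUSINESS_CLOSE)


def enrich(message: dict) -> dict:
    """Add the derived fields a pipeline rule would set on each message:
    the local hour-of-day and an after_hours boolean. These become searchable
    fields, which is what the wildcard timestamp range could not provide."""
    utc_dt = parse_graylog_timestamp(message["timestamp"])
    local = utc_dt.astimezone(SITE_TZ)
    out = dict(message)
    out["local_hour"] = local.hour
    out["local_weekday"] = local.weekday()
    out["after_hours"] = is_after_hours(utc_dt)
    return out


def after_hours_logons(messages: list) -> list:
    """Equivalent of searching 'EventID:4624 AND after_hours:true' over the
    enriched messages. Returns the usernames in input order."""
    hits = []
    for m in map(enrich, messages):
        if m["EventID"] == 4624 and m["after_hours"]:
            hits.append(m["TargetUserName"])
    return hits


if __name__ == "__main__":
    for m in map(enrich, SAMPLE_MESSAGES):
        print(m["timestamp"], m["EventID"], m["TargetUserName"],
              "local_hour=%d" % m["local_hour"], "after_hours=%s" % m["after_hours"])
    print("after-hours logons:", after_hours_logons(SAMPLE_MESSAGES))
```

Two things worth checking before wiring this into a dashboard: the conversion must run against the site timezone rather than UTC, otherwise the 11:00 to 23:00 window in the original query is off by the UTC offset; and the successful-logon filter (4624) should be kept separate from failed logons (4625), which warrant their own widget rather than being folded into the after-hours count.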
