Graylog Web UI doesn't display logs

mgajjar · June 3, 2021, 6:08pm

I am new to GrayLog and I have encountered a problem. I have setup my GrayLog server as follows:
Untitled Diagram

Now I am sending log data from all 3 hosts to RSYSLOG and then to GRAYLOG. On the GrayLog I can see logs from 1 host but if I try send logs from another host then it doesn’t show anything.

I ran a packet capture on the GrayLog and the packets are reaching GrayLog, I can see that in tcp dump.

But nothing comes up on the Web UI of GrayLog.

Anyone have any idea?
Thanks

gsmith · June 3, 2021, 10:23pm

@mgajjar
Hello and Welcome,

I would check the date/time of the devices sending and receiving logs is correct.
check the status of elasticsearch.
NOTE: change it to your correct ip address.

curl -XGET 'http://8.8.8.8:9200/_cluster/health?pretty=true'

What does the INPUT configuration look like? Did you try to use a global configuration?

Hope that helps

mgajjar · June 4, 2021, 12:59pm

@gsmith
Hello. I checked the timezone and they were different. It worked for me. Thank you so much.

Just one question does graylog take UTC as default timezone. Because the server where I installed graylog has EDT but graylog itself has UTC and thats why I wasn’t seeing any message?

And also is there anyway I can change timezone of graylog to EDT?

Because in the admin profile I can’t change timezone on WEB UI

But I really appreciate for your help. Now I know what the issue is. Thanks again

EDIT - I have installed graylog using docker container

gsmith · June 4, 2021, 9:44pm

Thats great, I’m glad I could help.

About Docker, we dont get along very well, so my focus is in package handlers instead
But as for your other question.
I read some where in the forum that Graylog by default uses UTC, Im not 100% sure thou, but there are other setting you can configure.

That would be here.

github.com

Graylog2/graylog2-server/blob/3c5eafb61f78143e6a83b8a979f2ac860ab4b853/misc/graylog.conf#L74


      
          # Create one by using for example: echo -n yourpassword | shasum -a 256
          # and put the resulting hash value into the following line
          root_password_sha2 =
          
          # The email address of the root user.
          # Default is empty
          #root_email = ""
          
          # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
          # Default is UTC
          #root_timezone = UTC
          
          # Set plugin directory here (relative or absolute)
          plugin_dir = plugin
          
          # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster.
          # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors.
          rest_listen_uri = http://127.0.0.1:9000/api/
          
          # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
          # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.

As for Graylog 4, I do know that the user/s can set there own Time zone in there profile.
Hope that helps

mgajjar · June 7, 2021, 12:20pm

Thank you for the help.
I found a parameter to add in the yaml file to set the timezone to EDT when we start the GrayLog docker
It is as follows:
“GRAYLOG_ROOT_TIMEZONE=America/Chicago”

system · June 21, 2021, 12:20pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog only show logs on current UTC time Graylog Central (peer support)	16	3414	March 9, 2022
Logs not showing in web ui Graylog Central (peer support)	9	13809	May 4, 2018
I dont see my logs in Graylog Graylog Central (peer support)	3	14	September 26, 2024
Incorrect time in log Graylog Central (peer support) pipeline-rules	40	14718	September 28, 2018
Timezone graylog for a lot of timezone Graylog Central (peer support)	11	3054	December 20, 2018

Graylog Web UI doesn't display logs

Related topics