How to view all logs for "today"

I have a bunch of logs, each of which has a date and a timestamp. I want to create a dashboard that shows all logs for TODAY. How do you do that? I tried for about 7 hours and couldn’t figure it out :smiley:
Note that Last 1 day is not the same thing as all logs for TODAY.

Hi, joshg

I tried that already, and it didn’t work.

We are in Sydney, so this should be the correct string:
yesterday midnight +1100 to today midnight +1100

The current time/date in Sydney is 2020-12-28 09:53

but the preview looks like this:
image

Which is 2 days off.

Part of the issue is that the system that Graylog uses for natural language query parsing (keyword) is based on a Java utility called Natty.

Natty Date Parser (joestelmach.com)

This tool seems to base all of its time decisions on UTC time, so… what I’ve seen is that your local time is mostly ignored when it comes to determining when today is or yesterday was.

Based on the query you posted and the fact that you are +1100, your current time is 2020-12-28 09:53. That in UTC is 2020-12-27 22:53. Natty took that UTC timestamp and determined that yesterday was 2020-12-26 and today was 2020-12-27. If you ran that query at or after 11am local time, it would have had the correct range.

What this means is that you can’t really use keyword to create a widget that will be accurate every time it loads because the scope of today, yesterday and tomorrow changes as the day goes on.
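The mismatch described above, worked through with the thread's own timestamps. This is an added example, not part of the original posts and not Graylog or Natty code: `local_day_window`, `utc_dated_day_window` and `keyword_day_is_stale` are hypothetical helper names, and `utc_dated_day_window` is a simplified model of the behaviour the post describes, not Natty's actual algorithm. It assumes the UTC start and end values would be entered as an absolute time range instead of a keyword.

```python
from datetime import datetime, time, timedelta, timezone, tzinfo
from zoneinfo import ZoneInfo  # Python 3.9+, used only in the demo below


def local_day_window(now_utc: datetime, tz: tzinfo, day_offset: int = 0):
    """UTC (start, end) of the local calendar day containing now_utc.

    day_offset=-1 gives "yesterday". The end bound is exclusive.
    """
    day = now_utc.astimezone(tz).date() + timedelta(days=day_offset)
    start = datetime.combine(day, time.min, tzinfo=tz)
    # Build the next midnight from the calendar date rather than adding 24h,
    # so days shortened or lengthened by a DST change still end at midnight.
    end = datetime.combine(day + timedelta(days=1), time.min, tzinfo=tz)
    return start.astimezone(timezone.utc), end.astimezone(timezone.utc)


def utc_dated_day_window(now_utc: datetime, tz: tzinfo):
    """Simplified model of the behaviour described in the thread: the date for
    "today" comes from the UTC clock, midnight is then taken at the local offset."""
    day = now_utc.astimezone(timezone.utc).date()
    start = datetime.combine(day, time.min, tzinfo=tz)
    end = datetime.combine(day + timedelta(days=1), time.min, tzinfo=tz)
    return start.astimezone(timezone.utc), end.astimezone(timezone.utc)


def keyword_day_is_stale(now_utc: datetime, tz: tzinfo) -> bool:
    """True while the UTC calendar date differs from the local calendar date."""
    return now_utc.astimezone(tz).date() != now_utc.astimezone(timezone.utc).date()


if __name__ == "__main__":
    sydney = ZoneInfo("Australia/Sydney")
    # The moment quoted in the thread: 2020-12-28 09:53 in Sydney.
    now = datetime(2020, 12, 27, 22, 53, tzinfo=timezone.utc)
    for label, (start, end) in (
        ("local day", local_day_window(now, sydney)),
        ("UTC-dated", utc_dated_day_window(now, sydney)),
    ):
        print(f"{label}: {start.isoformat()} to {end.isoformat()}")
    print("keyword 'today' stale:", keyword_day_is_stale(now, sydney))
```

The window has to be recomputed each time the search runs, since a fixed absolute range goes out of date at the next local midnight.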

I have the exact same issue here. Unfortunately, it seems that there’s no solution at all.

Querying “today”-only or “yesterday”-only logs is extremely common in daily SOC operations. I really hope Graylog can fix this issue.

OK, good to know I am not dumb then lol.

It seems like they would just have to add a new dropdown option called Today. Not sure how hard that is.

It would also help to have a “last week” and “last month” for report purposes

Hi @joshg and @dleguizamon, thanks for the feedback. If y’all would like to see these implemented, I highly suggest creating a feature request in GitHub (Graylog2/graylog2-server: Free and open source log management); that way our engineering team can prioritize and address the work.

Thanks @aaronsachs,

I should’ve started by looking there. I see there already are two feature requests

Hi @aaronsachs,
Is there any timetable for fixing this issue?

@aqsss I don’t have an ETA on when this might be fixed. It’s completely dependent on our engineering team and what they determine to be at the top of their priority list when assigning work/deciding what features to add. I’d recommend adding a comment in one of the topics that @dleguizamon linked so that they and our product team have a better idea of what folks in the community feel is most needed.