Logs matching Grok Extractor Disappear

Hello there, hoping someone can help me out with this.

I've got a Grok extractor that seems to be matching thousands of lines of logs - I can see the numbers in the details of the extractor.

But all these log lines now no longer appear in the search and neither do the parsed fields.

Am I completely missing something?

Thank you.

Try to debug the Grok pattern with System - Grok patterns - Edit and Test with sample data.

@shoothub Thanks for the reply.

Pattern works fine, no errors.

Bumping this up in case anyone else has any ideas.

Maybe you have a problem with timestamps. Check the messages in System - Input - show messages to see if they appear. Or try to use the Absolute time frame selector, and include past and also future dates (e.g. one day in the future). Sometimes timestamps are saved in the future, so Graylog can't see the message, but it is there:

https://docs.graylog.org/en/3.3/pages/searching/time_frame_selector.html#absolute-time-frame-selector


You should also check if you have ingest errors in System > Overview.

Thanks @shoothub. The messages were there and they appeared if I specified the input. Doing that search once somehow released about 20 million lines of logs. Not sure what was happening, but just clicking on show received messages once seemed to solve the problem.

Thank you.

No Errors @jan, thank you.
