meezaan
July 16, 2020, 12:59pm
1
Hello there, hoping someone can help me out with this.
Iโve got a Grok extractor that seems to be matching thousands of lines of logs - I can see the numbers in the details of the extractor.
But all these log lines now no longer appear in the search and neither to do the parsed fields.
Am I completely missing something?
Thank you.
shoothub
July 16, 2020, 2:21pm
2
Try to debug grok pattern with System - Grok patterns - Edit and Test with sample data
meezaan
July 16, 2020, 2:46pm
3
@shoothub Thanks for the reply.
Pattern works fine, no errors.
meezaan
July 19, 2020, 9:07am
4
Bumping this up in case anyone else has any ideas.
shoothub
July 19, 2020, 9:19am
5
Maybe you have problem with timestamps, check messages in System - Input - show messages, if itโs appear. Or try to use Absolute time frame selector, and include for past to also future date (e.g one day in future). Sometimes, timestamps are saved in future, so graylog canโt see it, but message is there:
https://docs.graylog.org/en/3.3/pages/searching/time_frame_selector.html#absolute-time-frame-selector
1 Like
jan
July 20, 2020, 10:39am
6
you should also check if you have ingest errors in System > Overview
meezaan
July 20, 2020, 11:06am
7
Thanks @shoothub . The messages were there and they appeared if I specified the input. Doing that search once somehow released about 20 million lines of logs. Not sure what was happening, but just clicking on show received messages once seemed to solve the problem.
Thank you.
meezaan
July 20, 2020, 11:06am
8
No Errors @jan , thank you.
system
August 3, 2020, 11:13am
9
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
