Hi all,
I created my first input following a video tutorial from youtube.
As shown there are 5msg/min coming in. When I click on “Show received messages” the view remains empty
Any idea what is going wrong?
Hi,
Is an index written? System / Indices / (e.g. Default Index)
Is the time zone correct?
Is the time correct?
Is the " Message Processors Configuration" correct (System / Configurations)
For some reason there has been a delay. Showing now. Did not change anything. Weird
Check your time zones. Graylog server should be set to GMT/UTC time. If possible, all devices should be UTC as well.
If the time zones are off, it can cause messages to “appear” after one, two, three hours or more. Even weirder, if the time zone is set ahead of UTC, messages will come in with a time stamp that is in the future (cue sci-fi spooky music). You actually need to either manually set the time ahead via the absolute time range picker, or choose “all messages” to see these “future” messages.
I logged in with a user I created within graylog. He has Berlin timezone. works correctly on the stream. Had UTC for the admin user configured in server.conf, then changed to Europe/Berlin, but that did not change anything
What time zone is the server set to? Not the admin user in server.conf, but the host itself.
Using tzdata I set it to Europe/Berlin, assuming that is UTC+2
It’s correct. At least in my Berlin 
cat /etc/timezone
Europe/Berlin
cat /etc/graylog/server/server.conf | grep timezone
root_timezone = Europe/Berlin
Look under System/Overview/“Time configuration”. All times should be the same here.
Try setting the server to UTC. Graylog will translate to each user’s locale.
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.