Hi,
I’m using Graylog 2.5.2 and I have a strange behavior.
Using Beats some log are coming to Graylog but I cannot see them on AllMessages Stream
Using Elasticsearch query link on Kibana I can find all messages that are coming.
But why they are not visible on Graylog Stream?
What I can inspect to understan where I’m wrong?
Thanks
Gianluca
Do you send the logs to elasticsearch instead of graylog?
If graylog doesn’t process a message, it won’t show it.
If you check your message there are no “gl2_”* field in it.
Am I correct?
No, I used the file beat to send logs to graylog.
After 2h the messages appear on graylog stream.
I don’t understand the reason
oh, it’s easier. Check the date in the sent message, and at the graylog side.
somewhere you have a problem.
If you send message with timestamp eg. 5pm, and you see the messages at 3pm with last 5 min settings, you won’t see the message from the future.
Correct
but after 2h I see the messages. And now when I stop and start the file beat the messages arrive immediately. It is very strange
