Missing messages on graylog

alexmagh · December 14, 2023, 2:16pm

Hi,

1. Describe your incident:

Client send logs with rsyslog to the concentrator. Logs on concentrator and on client are exactly the same. There is no issue between client->server.
However, when i’ll go on graylog, there are missing messages.
For example, this is one message in a log file present on the concentrator:

2023-10-02 10:23:03,951|pool-1-thread-18|INFO |EvaluationServiceByDossierWorker|eval-dossier-312||XXX|2023||eval-dossier-312|Fin evaluation par dossier : 081157518 (en 0.001 s)

This message is also present on graylog:

There are other messages following exactly the same pattern, but they are not present on graylog.

2. Describe your environment:
1 log concentrator: CentOS7
a cluster of 3 graylog server: CentOS7
a cluster of 3 elasticsearch: CentOS7

4. How can the community help?

Has anyone in the community encountered this problem?
Can you give me some research directions?

Thanks,
Regards,

gsmith · December 16, 2023, 3:04am

Hey @alexmagh

Not sure, if the logs are the same format and some are missing using “log concentrator”. Maybe check elasticsearch/opensearch log files. Only time I didnt receive log/s was the Date/Time were incorrect so I didnt see it right away. Or the input was incorrect for the types of logs it was receiving.

system · December 30, 2023, 3:05am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog works but some messages are missing Graylog Central (peer support)	3	657	January 11, 2023
Messages problem after snapshot restore Graylog Central (peer support)	2	477	April 5, 2018
Missing messages after restart Graylog Central (peer support)	3	1771	March 17, 2018
Messages In but Search is empty Graylog Central (peer support)	7	2343	October 25, 2018
Missing Log Message data (full) Graylog Central (peer support)	3	27	May 1, 2025

Missing messages on graylog

Related topics