Hi
I am having a problem with showing logs in searches.
I have set up an Ubuntu Graylog 3.0 server that receives GELF UDP logs from a Windows machine. The time zone on both machines and the time zone in /etc/graylog/server/server.conf are all set to Europa/Copenhagen (+1 hour).
I can see under System -> Indices that a lot of messages are coming into my indices, but if I go under System -> Inputs -> Show received messages, none are shown there. Also, if I press "Show Elasticsearch query" I can see the timestamp "to": is an hour behind the time set.
Hope someone can help me with a fix.
Thanks
Rasmus
The root_timezone is the timezone that is used for the user root that is hardcoded in Graylog - nothing else.
The messages are stored in UTC - always - that is the reason you see the query being in the past. When you choose "all messages" as a timerange, did you see messages then?
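The UTC point above is easiest to see with a small script. The following is an added example, not code from the thread or from Graylog: it converts a Europe/Copenhagen search window to the UTC bounds a Graylog search sends to Elasticsearch (which is why the "to" timestamp reads an hour earlier in winter), and then sorts constructed GELF-style records into those inside the window, those outside it, and those stamped further in the future than a small skew allowance. A sender whose clock is ahead keeps filling the index while never matching a "last N minutes" search, so the future_clock bucket is the one to inspect when indices grow but searches stay empty. The host names, the 5-minute skew allowance and the fixed-offset fallback used when no tz database is installed are assumptions of the example.

```python
"""Added example (not from the thread): show why a Graylog search window given in
Europe/Copenhagen local time appears "an hour behind" once expressed in UTC, and
flag GELF records whose timestamps come from a sender clock that runs ahead of
the server."""
from datetime import datetime, timedelta, timezone

try:
    from zoneinfo import ZoneInfo
    LOCAL_TZ = ZoneInfo("Europe/Copenhagen")
except Exception:  # Python < 3.9 or no tz database installed
    # Assumption: fall back to a fixed CET offset (+1 h, no DST handling).
    LOCAL_TZ = timezone(timedelta(hours=1), "CET")


def local_window_to_utc(start_local, end_local, tz=LOCAL_TZ):
    """Translate a naive local-time search window into the UTC bounds that
    Graylog hands to Elasticsearch. Graylog stores every timestamp in UTC,
    so for Copenhagen in winter both bounds move one hour earlier."""
    start_utc = start_local.replace(tzinfo=tz).astimezone(timezone.utc)
    end_utc = end_local.replace(tzinfo=tz).astimezone(timezone.utc)
    return start_utc, end_utc


def classify_gelf_messages(messages, window_start_utc, window_end_utc,
                           now_utc, max_skew=timedelta(minutes=5)):
    """Sort GELF records (timestamp = epoch seconds, UTC) into those inside the
    search window, those outside it, and those stamped further in the future
    than max_skew relative to the server clock: the signature of a sender whose
    date or time is set wrong."""
    result = {"in_window": [], "outside_window": [], "future_clock": []}
    for msg in messages:
        ts = datetime.fromtimestamp(msg["timestamp"], tz=timezone.utc)
        if ts - now_utc > max_skew:
            result["future_clock"].append(msg["host"])
        elif window_start_utc <= ts <= window_end_utc:
            result["in_window"].append(msg["host"])
        else:
            result["outside_window"].append(msg["host"])
    return result


def demo():
    """Constructed scenario: a search for 09:00-10:00 local time on 15 Jan 2019,
    server clock at 10:00 local, one well-behaved sender, one sender whose
    clock is a day ahead, and one old record outside the window."""
    start_utc, end_utc = local_window_to_utc(datetime(2019, 1, 15, 9, 0),
                                             datetime(2019, 1, 15, 10, 0))
    now_utc = end_utc
    # Constructed GELF-style records (only the fields needed here); host names
    # are made up for the example.
    messages = [
        {"host": "win-ok", "short_message": "logon",
         "timestamp": (end_utc - timedelta(minutes=10)).timestamp()},
        {"host": "win-skewed", "short_message": "logon",
         "timestamp": (end_utc + timedelta(days=1)).timestamp()},
        {"host": "win-old", "short_message": "boot",
         "timestamp": (start_utc - timedelta(hours=3)).timestamp()},
    ]
    buckets = classify_gelf_messages(messages, start_utc, end_utc, now_utc)
    return start_utc, end_utc, buckets


if __name__ == "__main__":
    s, e, buckets = demo()
    print(f"Elasticsearch range: from {s.isoformat()} to {e.isoformat()}")
    for bucket, hosts in buckets.items():
        print(f"{bucket}: {hosts}")
```

Running the script prints the range as 08:00Z to 09:00Z for a 09:00-10:00 Copenhagen search, and places win-skewed in future_clock while win-ok is the only host that a search over that window returns.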
I found the problem. My time settings were set to Sunday being the first day of the week, and I am used to Monday being the first. So when I was setting the time I took the last day in the week. So my logging machine was a day in the future.