Hello,
Only a couple of ideas for delayed messages come to mind. Ensure the date/time is correct on both the server and the client. Check the logs on the server (i.e., Graylog, Elasticsearch, etc.); maybe something in there might help. Check resources (CPU, RAM); sometimes running out of resources can cause a glitch. Do you have extractors or pipelines configured?
I’m assuming this may be a virtual machine?
Since this is only a 10-15 delay, I don’t think it’s a time zone issue. There should be two timestamps: one for when Elasticsearch indexed those messages and one for the original message from that device. You can see the date/time with the message.
You can check here
Or here
Below is an example of a message that was sent at 17:25:31 (5:25 PM) and did not get indexed until 17:45:40 (5:45 PM).
This issue was a result of resources; Elasticsearch could not keep up during busy hours. I would need to either separate ES from Graylog/MongoDB or add more resources to this single node.
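
Added example, not part of the original post and not Graylog code: it compares the two timestamps per message and separates a constant offset (clock or time zone) from lag that only appears in busy hours (resources). The field names `sent` and `indexed`, the 60-second tolerance, the date and the sample records are assumptions constructed for illustration; only the 17:25:31 / 17:45:40 pair comes from the post.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: when the device sent each message and when it was indexed.
# "sent"/"indexed" are hypothetical names for this example, not Graylog fields.
SAMPLE = [
    {"sent": "2021-03-01T09:00:05", "indexed": "2021-03-01T09:00:07"},
    {"sent": "2021-03-01T09:30:10", "indexed": "2021-03-01T09:30:13"},
    {"sent": "2021-03-01T17:25:31", "indexed": "2021-03-01T17:45:40"},
    {"sent": "2021-03-01T17:30:00", "indexed": "2021-03-01T17:48:20"},
    {"sent": "2021-03-01T17:40:15", "indexed": "2021-03-01T17:52:15"},
    {"sent": "2021-03-01T22:10:00", "indexed": "2021-03-01T22:10:04"},
]


def lags_by_hour(records):
    """Return {hour sent: [indexing lag in seconds, ...]}."""
    buckets = defaultdict(list)
    for rec in records:
        sent = datetime.fromisoformat(rec["sent"])
        indexed = datetime.fromisoformat(rec["indexed"])
        buckets[sent.hour].append((indexed - sent).total_seconds())
    return dict(buckets)


def classify(records, tolerance=60):
    """Rough diagnosis of the lag pattern.

    ok              - every message was indexed within the tolerance
    constant_offset - all lags are nearly equal: check clocks and time zones
    load_dependent  - lag differs between periods: check for a backlog
    """
    lags = [lag for hour in lags_by_hour(records).values() for lag in hour]
    if max(lags) <= tolerance:
        return "ok"
    if max(lags) - min(lags) <= tolerance:
        return "constant_offset"
    return "load_dependent"


def slow_hours(records, tolerance=60):
    """Hours whose median lag exceeds the tolerance, worst first."""
    med = {hour: median(lags) for hour, lags in lags_by_hour(records).items()}
    return sorted((h for h, m in med.items() if m > tolerance),
                  key=lambda h: -med[h])


if __name__ == "__main__":
    print(classify(SAMPLE), slow_hours(SAMPLE))
```
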
