I have trouble with our Graylog cluster. Information about our cluster:
2 Graylog nodes: 2 cores, 4GB RAM.
3 Elasticsearch nodes: 2 cores, 2GB RAM.
and 1 MongoDB rep.
All our configurations are default.
All our logs are about 5Gb/1 day.
And I have seen that, as of a few days ago, input logs are not real-time. Here is a capture: https://prnt.sc/fc768r
How can I fix it in our configuration?
Did you check the timezones?
This looks like time settings are not what you expect.
Thanks for replying to me,
My exact problem is that there are some messages that have the same timestamp, such as in my capture above.
Are all sending devices in the same timezone that Graylog is configured for?
You might need to correct that with an extractor / pipeline or at the sending system.