Not Realtime input log


(Kieulam141) #1

Hi guys.
I got trouble with our cluster graylog.Information about our cluster:
2 graylog nodes: 2 cores, 4GB ram.
3 elasticsearch nodes: 2 cores, 2GB ram.
and 1 mongodb rep.
All our configurations are default.
All our logs are about 5Gb/1 day.
And I see in a few days ago, input logs are not realtime.Here is capture: https://prnt.sc/fc768r
How can I fix it in our configuration.
Thanks


(Jan Doberstein) #2

Hej @kieulam141

did you check the timezones?

This looks like time settings are not what you expect.


(Kieulam141) #3

Hey Jan,
Thanks for replying me,
My exact problem is there are some mess have the same timestamp such as in my capture above.


(Jan Doberstein) #4

are all send devices in the same timezone that graylog is configured?

You might need to correct that with an extractor / pipeline or at the sending system.


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.