Not Realtime input log

(Kieulam141) #1

Hi guys.
I got trouble with our cluster graylog.Information about our cluster:
2 graylog nodes: 2 cores, 4GB ram.
3 elasticsearch nodes: 2 cores, 2GB ram.
and 1 mongodb rep.
All our configurations are default.
All our logs are about 5Gb/1 day.
And I see in a few days ago, input logs are not realtime.Here is capture:
How can I fix it in our configuration.

(Jan Doberstein) #2

Hej @kieulam141

did you check the timezones?

This looks like time settings are not what you expect.

(Kieulam141) #3

Hey Jan,
Thanks for replying me,
My exact problem is there are some mess have the same timestamp such as in my capture above.

(Jan Doberstein) #4

are all send devices in the same timezone that graylog is configured?

You might need to correct that with an extractor / pipeline or at the sending system.

(system) closed #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.