Hi guys.
I got trouble with our Graylog cluster. Information about our cluster:
2 Graylog nodes: 2 cores, 4GB RAM.
3 Elasticsearch nodes: 2 cores, 2GB RAM.
and 1 MongoDB rep.
All our configurations are default.
All our logs are about 5Gb/1 day.
And I see that, as of a few days ago, input logs are not realtime. Here is a capture:
How can I fix it in our configuration?

Hej @kieulam141

Did you check the timezones?

This looks like time settings are not what you expect.

Hey Jan,
Thanks for replying to me,
My exact problem is that there are some messages that have the same timestamp, such as in my capture above.

Are all sending devices in the same timezone that Graylog is configured for?

You might need to correct that with an extractor / pipeline or at the sending system.

