To set the scene: A message with timestamp “
2019-01-04 14:31:22.263Z” exists in a stream. When I view this stream and select “Search in all messages” and search for field
foo = B (
foo:"B") it will show up in the list of messages.
Now, at 14:45 (UTC), I change the dropdown to “Search in the last 2 hours”, then click the magnifying glass to update the search, and… no messages are found.
I’m kind of stumped as to why this happens, because the message is most definitely within the last 2 hours, yet will not show up in a relative search, neither does it with an absolute search. Only when I select “Search in all messages” do they show up.
This is currently kind-of-sort-of making our devs a little unhappy so any answers welcome.
Additional info: I’m using my admin account to do this; messages are processed through pipeline OK (debug statements verify this). Timestamp field in the message is listed as above.