Problem query Graylog’s Elasticsearch with Grafana

LeDistordu · July 20, 2017, 2:34pm

I have graylog (2.2.3) and i want query its elasticsearch (2.4.4).

I add datasource elasticsearch 2x, i can query but when i query i dont have the same amount of data :

With same query on 5 minutes
From Graylog : 8796 data returned
From Grafana : 57 data returned

Grafana datasource configuration :
Index name : graylog*
Timestamp field name : timestamp
Pattern : no pattern
Version : 2.x

Why do not I get the same results?

jochen · July 20, 2017, 2:43pm

What query are you running exactly?
Which indices does Grafana use and which indices does Graylog use for the same query?

LeDistordu · July 20, 2017, 3:04pm

Graylog :

{
  "from": 0,
  "size": 150,
  "query": {
    "bool": {
      "must": {
        "query_string": {
          "query": "\"myrouter\" AND (\"990-D\" OR \"991-D\" OR \"default-D\")",
          "allow_leading_wildcard": true
        }
      },
      "filter": {
        "bool": {
          "must": {
            "range": {
              "timestamp": {
                "from": "2017-07-20 13:37:51.507",
                "to": "2017-07-20 13:42:51.507",
                "include_lower": true,
                "include_upper": true
              }
            }
          }
        }
      }
    }
  },
  "sort": [
    {
      "timestamp": {
        "order": "desc"
      }
    }
  ],
  "highlight": {
    "require_field_match": false,
    "fields": {
      "*": {
        "fragment_size": 0,
        "number_of_fragments": 0
      }
    }
  }
}

Grafana :

     {“search_type”:“count”,“ignore_unavailable”:true,“index”:“graylog*”}
    {“size”:0,“query”:{“bool”:{“filter”:[{“range”:{“timestamp”:{“gte”:“1500557461375”,“lte”:“1500557761375”,“format”:“epoch_millis”}}},{“query_string”:{“analyze_wildcard”:true,“query”:"“myrouter” AND (“990-D” OR “991-D” OR “default-D”)"}}]}},“aggs”:{“2”:{“date_histogram”:{“interval”:“2s”,“field”:“timestamp”,“min_doc_count”:0,“extended_bounds”:{“min”:“1500557461375”,“max”:“1500557761375”},“format”:“epoch_millis”},“aggs”:{}}}}

LeDistordu · July 20, 2017, 3:34pm

Indice on graylog :
graylog2_25
graylog2_24
graylog_docker_1
graylog_vyos_rt01_0
graylog_docker_2
graylog_vyos_rt01_1
graylog2_23
graylog2_22
graylog2_21

Indice for grafana data source : graylog*

jochen · July 20, 2017, 3:55pm

Try using the exact same query in Grafana that has been generated by Graylog.

Other than that, I suggest asking the Grafana community since this isn’t exactly an issue with Graylog.

system · August 3, 2017, 3:55pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
(Help! Urgent) Graylog + Grafana Graylog Central (peer support)	8	3028	March 5, 2021
Graylog's graph on Grafana Graylog Central (peer support)	7	5691	February 6, 2019
Graylog as a Grafana Datasource Graylog Central (peer support)	3	1140	August 24, 2020
Graylog3, ELK 6.x and Grafana Graylog Central (peer support)	10	1278	January 23, 2020
Problem with data graylog Graylog Central (peer support)	1	280	June 18, 2020

Problem query Graylog’s Elasticsearch with Grafana

Related topics