I’m quite new to graylog ecosystem, and I’m a trainee for a company that asked me to see the potential that graylog has by running tests, and trying to understand how graylog works.
I’m doing some dashboards and I came across something quite odd, at least for me but maybe there’s a perfect valid explanation.
So I’m looking to create a dashboard regrouping all events log by source and degree of severity.
The problem is that I noticed that some servers are missing because when I apply filter with the source that I want, I get some results.
Can someone please point me in the right direction as to why this occurs ? Does it have something to do with the way I set up my streams? I’m sorry as I can’t say anything more beacause of data confidentiality
In the example shown you are restricting the view to the last two hours - if sources have not reported anything within the filter over the past two hours, they would not show up… One possibility.
First of all, thank you very much for the reply.
I didn’t change the time whatsoever, I only applied a filter to the source. If I remove the filter, I have the list of all sources for the last 2 hours except the one mentioned in the screenshot. Is it more clear ?
Without any filter, it should show all the sources right? as in my case it doesn’t. I can’t wrap my head around this occurance.
By default, the returned results will be limited to the top 15 items.
If you click on the source tag under ‘Rows’ you can change that limit to whatever number you want.
I don’t know if this is the issue you’re encountering but, it’s worth taking a look.
Yes that was exactly the problem, thank you very much you’re a life saver.
Maybe I didn’t see this option on the documentation as I was reading it, my bad.
