Please where do i increase the number of logs i get from this dropdown. As it stands now, when i click on any (last 5 minutes, 1 day or maybe a month); i still get the same result (just a page) whereas i get logs every seconds. Thanks
When you select “Show All messages”, it will show all the messages in that Stream.
How many records does it return?
What is the current archival rule defined for the underlying Index?
If you are getting real time data, then Last 5 minutes would be showing different results always.
When i Select “Show All messages”, it shows only few hours logs. Like 70 messages. But i can no longer get logs for yesterday or the day before or any previous message logs.
What do u mean by this please and where do i check?: What is the current archival rule defined for the underlying Index?
If it shows only 70 messages when you select Show All messages, with Search=*, then it means that the Stream has only 70 messages.
Check the # of documents in ElasticSearch for the index set corresponding to that Stream
curl http://:9200/_cat/indices
replace IP with localhost or hostname or FQDN as applies in your setup.
When you create an Index set, you can specify how you want to decide the index rotation which can be on size, age, etc.
I got this after running the command:
green open graylog_0 q_pQZyjSR62je7jG_XzUjw 4 0 4242266 0 20.9gb 20.9gb
That output shows that there are 4242266 documents in your index.
I am surprised why it is not showing in your console.
It should show when you select “Show all messages” with Search=* unless there is some issue with @timestamp column in your index data.
This might be the reason since there is an indexing error.
Please review what is the error.
Are you using any extractors / pipeline rules?
Yea…5 extractors and lots of rules(close to 20)
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.