Show Received Messages from Input

Dear all, when I click on "Show received messages" the page just keeps on loading. There are no errors in the log file. Messages are coming through rsyslog onto port 5140 and I can see activity (In 90 / Out 90 msg/s, and those numbers change). However, when I click on Input and then "Show received messages" from the UDP node, it keeps on loading and loading without retrieving anything. It is similar for the TCP node. Please help.

Is your Elasticsearch up and running?

Do you have the same if you just click the search tab?

Hi Jan,

Yes, Elasticsearch is running and it is GREEN. When I click on the search tab I don't get the same problem; it's just that it doesn't find the things that I want to search for.

Regards
Brian

When you look into "all messages", did you find anything?

Hi Jan, still nothing, please check the attachment.

And if you remove "java" and just display all messages?

Hi Jan,

Check the output screen.

Can it be that messages are not being recorded, hence why I see activity but no messages when I search?

Hard to tell, but did you check whether you find messages when you select a specific date range from today to some day in the future?

What is the amount of messages you see in system > indices ?

Hi Jan,

The amount of messages is Total: 1 index, 6,052,502 documents, 2.2GB.
If you don't mind, I can share a TeamViewer session with you for just 15 minutes to see if you can't notice something odd.

Regards
Brian

Hey Brian,

so you have logs in the system, but maybe the time of the events is in the future. You would need to play with the dates you query. "All messages" searches from now into the past and not into the future.

If you want to have exclusive help, you should contact Sales for professional service ( https://www.graylog.org/contact-sales ). But this is the community board where help is given on a volunteer level.

Hi Jan,

I understand. Could this variable, root_timezone = UTC, be the problem, since the country that I am in is GMT+2?

Please read the comments above the setting.

Internally, Graylog always works with UTC; this setting is only what the root user uses as timezone.

Hi Jan, I am running CentOS 7.5 x86_64 as the OS, with Elasticsearch 5.6.3, MongoDB 3.6.5 and Graylog Server 2.4.5 installed. Are these okay to operate? If you have a compatibility matrix, kindly share it with me, because in a case like mine I suspect it is a compatibility issue.

You can find the requested information in the documentation: http://docs.graylog.org/en/2.4/pages/installation/operating_system_packages.html

You have the data in your Elasticsearch, but I guess that the time is your problem.

Hi Jan,

If you were in my case, what would you do to resolve this issue?

Regards
Brian

Thanks Jan, now I am able to see messages after following that link to recalculate the index set.
Last question I have: if I tar /var/lib/elasticsearch and import it on another server that runs graylog-server, would that be enough, since Elasticsearch saves messages and Mongo only stores metadb and configs?

What is your goal?

In general I would not advise doing this (taking the database dir from one server and copying it over to another) unless you know exactly what you are doing and when to do it.

Thanks a lot for all your effort to assist me, now my Graylog is functioning properly.

Really appreciate it. :)