I am still getting logs from a server/vm that has been turned off. I even turned off all my inputs one by one to see which input the messages were coming from but new messages were still showing up. I “unplugged” the vmnic to see if that would stop it, but the server is still showing new messages coming in. I shut the server down gracefully and brought it back up and I am still getting messages. Any ideas as to what to do next? I could do a “graylog-ctl reconfigure” but I don’t know if that will fix things or possibly make things worse. Any ideas would be most appreciated. Thanks in advance.
The messages have an incorrect timestamp “in the future”. This typically happens if the messages contain no or an incorrect timezone information.
The messages were still in the journal and are only processed now. This typically happens if the processing (extractors, pipeline rules) takes too long or the outputs, i. e. Elasticsearch, are slow.
