I hope everyone is doing well under these unusual circumstances. This is my first post and inquiry, so I’ll try to be as precise as possible.
I have 3 Windows DCs configured and each has its own Input. Throughput statistics show that the messages are coming (attached pic). However, when I click on Show received messages, two out of three inputs show no messages. Basically, I can find logs only from host02. Since I am not maintaining the whole infrastructure, I was wondering whether such an issue may be related to the configuration of the log collectors on the domain controllers (in order to submit a ticket to support) or maybe relates to a wrong Graylog server setting I might have missed (something that I can try to fix). Thanks.
“Show received messages” basically shows all the messages. But you are right, it is a possible mistake if you try to search for a message. So it’s only a half point.
Graylog time and timezone are fine. However, I’ll arrange to check the timezone on the symptomatic DCs. I also verified indexer failures; it is clean. I’ll post info upon resolution.
Hello, thank you for the suggestion. I do not have access to the host operating system; it is being maintained by a third party, but I will instruct them to check the server.conf file. At this time I verified the time configuration at System/Overview and it seems correct. Since I receive messages from 1 of 3 domain controllers, I will push support to inspect settings on the domain controllers. Graylog inputs look correct.
It turns out that the SolarWinds log forwarder was installed on the domain controllers for which logs were missing. The engineer was unable to resolve the issue with logs being forwarded to Graylog, but there were no logs after all. Eventually he removed SolarWinds and installed NXLog. Messages are now being received and available. We solved our problem, but there might be an issue that relates to the SolarWinds log forwarder and Graylog.