Ubuntu 16.04 Rsyslog syslogs to Graylog 2.4 not showing in GUI

Dear All,

I have a ubuntu 16.04 server at 10.0.1.247 configured to send syslogs to a Graylog install at 10.0.1.177

The rsyslog on the ubuntu machine is configured as shown below

We can see the logs being received.

image.png1097x544 21.9 KB

Our input is configured as shown below.

If we look at the metric for the input, we can see messages as such

image.png867x511 33.8 KB

However, when we check the " show received messages" button we see no messages even with all messages time frame set.

The logs at /var/log/graylog-server/server.loog show nothing abnormal.

Any help on what is happening to the messages?

Kind Regards

Jake Smith

If you select a timeframe from the future - 1.1.2018 to 31.12.2018 did you see the messages?

If you check the time settings on the sender and graylog is that the same timezone?

Hi Jan,

System times are good

Time search in future obviously shows nothing

image.png846x298 17.1 KB

Any further suggestions?

Kind Regards

Jake

did you checked the system > indices page if something is saved in elasticsearch?

What timerange does the indices overview gives you? Maybe you just need to recalculcate the index range to fix that.

Hi Jan,

I did the recalculate index range under the maintenance tab on the default index and it resolved the issue.

Can you explain or point me to some resources so that I can understand how recalculating the index solves the issue. How do elasticsearch indexes lose their time range?

Cheers

Jake Smith

Graylog uses Elasticsearch via the REST API - it can happen that it is not able to hold the data about the range of one index for multiple reasons.

The best indicator is when the index range is written from 1.1.1970 to some day in the future. Then Graylog does not know what timerange can be found in what index.

We did not cover the multiple reasons and rare conditions in the documentation yet.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.