As you can see, the ranking is not correct. I have checked the data and mapping, it is same and it is LONG. Why it not rank correctly i dont know. Any idea?
@ithfdemir
Hello,
My best guess would be is the server time of the sending server could be wrong?
Does the sending server include timezone information in the timstamp?
What version of Graylog do you have?
What type of input are you using ?
With the lack of information I’m not completely sure whats going on. Could you explain this in greater detail?
Hi, thanks for replying.
I’m using v.2.4.6, yes the coming message has timestamp in correct type and yes server time has configured correctly.
elapsedTime filter’s type is LONG
Hello,
Do you have a message that has the correct elapsedTime?
Was this working before or has this always been happening?
What kind of log shipper are you using? How did you configure you INPUT?
Any more details to help you out would be apperciated.
Actually there is nothing wrong with the data, configuration etc. The problem is here is just about listing elapsedTime lower to upper or upper to lower. When i click on arrows it just mixes, not listing correctly.
For some reason the screenshot you posted before won’t load anymore but I recall that it wasn’t mixing randomly, it was string sorting rather than number sorting. But you state the data type for the field is long. Are you sure that these are storing as long? Did you apply a custom index mapping? Are you using an extractor that converts the data to a number?
Has it ever sorted correctly for you? If it used to sort correctly and now it’s not I would suspect that the index has rotated and the data is now being stored as a string.
Please provide more information.
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.