Index ranges handling still not working correctly, no data returned for absolute search times - See #1409 #1463

Closed
drewmmiranda opened this Issue Oct 5, 2015 · 5 comments

drewmmiranda commented Oct 5, 2015

See #1409

Summary: New indices are not properly indexed to allow absolute time value searches

I previously thought this happened only when retention was run and the oldest index is deleted, but I increased my maximum indices value and the bug still occurs anytime a new index is created.

Test Case

  1. Graylog server has reached the maximum number of messages that the active index can hold
  2. Cycled deflector from <gl2cluster_95> to <gl2cluster_96>
  3. Index ranges recalculated at this time
  4. Absolute time range search for messages inside of the new index time range are not found. (I incorrectly thought keyword time searches worked, but they do not.)
  5. The last available time range that can be searched with absolute time value is exactly right before the timestamp when the index rolled over to a new index.

Log Data

2015-10-01 16:48:43.396 -05:00   624db1f1-aa4c-4161-88a4-84772961ee43   Cycled deflector from <gl2cluster_95> to <gl2cluster_96>
2015-10-01 16:48:43.488 -05:00   624db1f1-aa4c-4161-88a4-84772961ee43   SystemJob <2f58c001-6886-11e5-bd72-0050568e386c> [org.graylog2.indexer.ranges.CreateNewSingleIndexRangeJob] finished in 95ms.
2015-10-01 16:48:44.618 -05:00   624db1f1-aa4c-4161-88a4-84772961ee43   SystemJob <2f5871e0-6886-11e5-bd72-0050568e386c> [org.graylog2.indexer.ranges.CreateNewSingleIndexRangeJob] finished in 1226ms.
2015-10-01 16:49:13.588 -05:00   624db1f1-aa4c-4161-88a4-84772961ee43   Flushed and set <gl2cluster_95> to read-only.
015-10-01 16:49:13.599 -05:00    624db1f1-aa4c-4161-88a4-84772961ee43   Optimizing index <gl2cluster_95>.
2015-10-01 16:49:13.601 -05:00   624db1f1-aa4c-4161-88a4-84772961ee43   SystemJob <2f58c000-6886-11e5-bd72-0050568e386c> [org.graylog2.indexer.SetIndexReadOnlyJob] finished in 208ms.
2015-10-01 16:55:11.963 -05:00   624db1f1-aa4c-4161-88a4-84772961ee43   SystemJob <4159f8f0-6886-11e5-bd72-0050568e386c> [org.graylog2.indexer.indices.jobs.OptimizeIndexJob] finished in 358363ms.

drewmmiranda commented Oct 13, 2015

Any update on looking into this? I can provide data as needed, let me know.


mstipanov commented Nov 18, 2015

Any update on this? When I search using relative time, I'm getting results, but when I switch to absolute I get nothing :(


Contributor

joschi commented Nov 18, 2015

@mstipanov That sounds like a different problem. Please file a separate bug report with examples for this issue.


mstipanov commented Nov 18, 2015


Contributor

joschi commented Jan 11, 2016

Related to #1672 (and will be fixed in Graylog 1.3.3).

joschi closed this Jan 11, 2016

joschi added the bug label Jan 11, 2016

joschi added this to the 1.3.3 milestone Jan 11, 2016

joschi self-assigned this Jan 11, 2016
