New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Better timerange for Show Received Messages button #3725

Merged
merged 1 commit into from Apr 24, 2017

Conversation

Projects
None yet
4 participants
@lennartkoopmann
Member

lennartkoopmann commented Apr 22, 2017

The old behaviour was to link to a search that only looked at the last 8 hours of data. I've come across a whole bunch of users who had messages with wrong timestamps and would only find them when searching in "All messages". This change makes the button link to a search over "All messages" instead, so users with timestamps in the past can find the messages and identify the issue.

Better timerange for Show Received Messages button
The old behaviour was to link to a search that only looked at the last 8 hours of data. I've come across a whole bunch of users who had messages with wrong timestamps and would only find them when searching in "All messages". This change makes the button link to a search over "All messages" instead, so users with timestamps in the past can find the messages and identify the issue.
@joschi

This comment has been minimized.

Contributor

joschi commented Apr 23, 2017

@lennartkoopmann The problem is, that this will kill reasonably loaded Elasticsearch clusters.

See #3366 for a related issue.

@billmurrin

This comment has been minimized.

Contributor

billmurrin commented Apr 23, 2017

Hope it is OK to add my thoughts to this discussion. Certain solutions will tag a record upon ingestion with a receipt time and then you still have the event time of the message. While this can be confusing for new users, I can see this sort of thing helping in this particular use case.

@lennartkoopmann

This comment has been minimized.

Member

lennartkoopmann commented Apr 23, 2017

@jochen I considered this and I think that the value of not confusing new users is higher. Most new users that I am seeing are sooner or later searching over "all messages" anyways.

The linked issue #3366 is having this problem with a function that is used more often and especially more often under production loads.

@edmundoa

Other than the issue @joschi mentioned, I'm fine with this change.

I think we can try it and see if it helps some people. We can always revert the change, if we see many broken setups.

@edmundoa edmundoa merged commit 515c5cd into master Apr 24, 2017

4 checks passed

ci-web-linter Jenkins build graylog-pr-linter-check 1509 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
license/cla Contributor License Agreement is signed.
Details

@edmundoa edmundoa deleted the received-messages-improvement branch Apr 24, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment