How to search today only data in Graylog

Question

I found that it's extremely hard to search "today-only" message in Graylog. Here is what I've tried so far:

Using keyword: today 00:00:00 +0800 to today 23:59:59 +0800
Using timestamp:["now/d" to "now+1d/d"] in query and select search all messages

None of them is working! :(

Does anyone have a working solution that can save my day? Thank you!

score 0 · Answer 1 · answered Dec 21 '20 at 15:27

0

Keywords are parsed by Natty. You can use the keyword today midnight to achieve what you want.

answered Dec 21 '20 at 15:27

Swisstone

Unfortunately, this wont work. It will still show extra data that's not in the date range – user2131907 Dec 24 '20 at 01:33

score 0 · Answer 2 · answered Dec 23 '20 at 20:39

0

Use the absolute time.

Something like:

Of course, it is much easier if you use the GUI.

answered Dec 23 '20 at 20:39

Blackbox

Thanks. But how can I combine this with dashboard? – user2131907 Dec 24 '20 at 01:33

2 Answers2