How to search today only data in Graylog

Question

1.7k views Asked by user2131907 At 25 November 2024 at 05:17

I found that it's extremely hard to search "today-only" message in Graylog. Here is what I've tried so far:

Using keyword: today 00:00:00 +0800 to today 23:59:59 +0800
Using timestamp:["now/d" to "now+1d/d"] in query and select search all messages

None of them is working! :(

Does anyone have a working solution that can save my day? Thank you!

There are 2 answers

**Swisstone** · Answer 1 · 2020-12-21 15:27:48

Swisstone On 21 December 2020 at 15:27

Keywords are parsed by Natty. You can use the keyword today midnight to achieve what you want.

**Blackbox** · Answer 2 · 2020-12-23 20:39:13

Blackbox On 23 December 2020 at 20:39

Use the absolute time.

Something like:

Of course, it is much easier if you use the GUI.