While attempting to search from logs over a very short period (1-2 seconds), I’m finding that logs that should be returned based on the “date” field of the log are not being returned. I typically have to expand the range to the 3-5 second range or greater to get the logs to return. Below is an example. I’m searching from a start time of “2021-04-09T16:44:26.455Z”. The sapi and scp log in the screenshot both have a date of “2021-04-09T16:44:26.466Z”. I assume then if I search over a range of 1 second (date:[2021-04-09T16:44:26.455Z TO 2021-04-09T16:45:26.455Z]) those records should return, but they don’t.
If I expand the range out to 3 seconds, the sapi log shows up, and I have to expand it to 5 seconds to get the scp operation.
at 3 seconds
at 5 seconds
Is the date field actually searching by date in the log? I assume the logs are written asynchronously, and the behavior looks more like it may be searching relative to when the log was written as opposed to the date on the log itself.