A few weeks ago I introduced Graylog at my work and so far my team is very satisfied with it. Our setup deals with approx. 1000 msg/s. However, there is one missing piece of functionality which would make the life of my team much easier.
Often we spot a problem by searching for messages of severity Error. In order to understand the cause of an Error, we have a look at all (i.e. no message filter is active) other log messages around the same time. Hence the following procedure always starts:
1. We copy the timestamp of the Error message to the clipboard.
2. We clear the message filter.
3. We select the absolute time search.
4. We paste the timestamp to the From as well as to the To placeholder field.
5. We subtract from the From time a few seconds.
6. We add to the To time a few seconds.
7. We click on "Search" and inspect the result in order to understand what caused the Error.
I would suggest adding a new button to the message panel:
"Show all messages within X seconds" where one would also need to add an input field for specifying X.
Alternatively, the new functionality could be integrated into the "Actions" pulldown menu: just add a new item "Show all messages within" with corresponding sub-items: 1 second, 3 seconds, 10 seconds, ...
Keep on with the great work!!!