I have a weird situation here for which I am at a loss as to how to fix. I have setup a new input for a Cisco SourceFire device which is sending syslog UDP data. The Input screen shows no activity under “Throughput / Metrics”. And yet, if I go to the Sources menu, it is clearly listed as a source. I can even go to the search screen and enter “source:xyz” and it will list messages for that SourceFire device.
So, why does the input screen say it hasn’t received any data?