Strange issue with a stream

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:

Have configured UDP logs from our watchguard firewall. I can see the messages coming in on the input.

I have configured a stream matching the Gl2_source_input.

When finding a message it says its routed into a stream and is going into an index.

However if i go in via the stream there are no results.

All my other streams are working, its also not in the default stream (check box selected to stop that)

Any ideas?

2. Describe your environment:

• OS Information:Ubuntu 24.04

• Package Version:6.3.3

• Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

Recreated the stream, cant think what else to do

Did you “start” the stream or is it paused? you can see from the streams page that lists them all. That has bit me several times.

Yeah the stream is started as i can see other firewall entries in there. Just not the one one specific one. I loaded an example message and the rules match. not sure why this is happening

@Rick Could it be these messages are arriving with a timestamp that is either in the future or the past due to an unexpected timezone?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.