Troubleshooting
Analyst | Administrator · 10 min
What it's for
Resolve the most common issues in Logs, alerts, integrations, and notifications.
Log query fails or returns no data
| Symptom | Likely cause | What to do |
| --- | --- | --- |
| 0 rows | Integration has no data, or the time range is too short | Verify ingestion; expand to `Last 7d` |
| SQL error | Invalid query | Use Format SQL and SQL Intellisense Help |
| Timeout | Query too broad | Reduce columns and time range |
| `No logs to display` | No query run | Open Query Editor or Run Query |
Alerts don't appear
| Symptom | Likely cause | What to do |
| --- | --- | --- |
| Empty list | Rule disabled or no matches | In Detection Rules, check that the rule is enabled |
| Active filters | Status/severity/date | Clear the filters; try `All Statuses` |
| New rule | Engine hasn't evaluated yet | Wait for the evaluation cycle |
Integration doesn't ingest
| Symptom | What to do |
| --- | --- |
| `Integration is disabled` | Enable switch in list |
| Error starting ingestion | Read message; Refresh integration |
| Delayed data | Normal during processing; verify in Logs with `Last 24h` or `Last 7d` |
Notifications not arriving
1. Verify the channel is enabled in Notifications.
2. Confirm the webhook URL is correct.
3. Verify the rule has the channel assigned in the Rule Management step.
Contact
- Support email: [email protected]
- On login: Need access? Contact us