Troubleshooting

Troubleshooting Common Issues

Dashboard Not Loading

  1. Check your browser’s console for JavaScript errors

  2. Verify your user has permissions for SIEM dashboards

  3. Try refreshing the page or clearing the browser cache

  4. Check if the time range is too large (reduce to the last 24 hours)

No Data Showing

  1. Verify agents are connected (check the agent status at the top)

  2. Confirm the time range includes when the events occurred

  3. Check if filters are too restrictive

  4. Verify your user role has access to the data sources

Alerts Not Triggering

  1. Go to the Alert Status tab and verify the alert module is “RUNNING”

  2. Check the Alert Rules List to confirm your rule exists

  3. Review rule configuration for syntax errors

  4. Verify the index pattern matches your data

  5. Check if the time window is appropriate for your rule

Performance Issues

  1. Reduce dashboard time ranges to improve loading

  2. Use filters to limit data volume

  3. Close unused dashboard tabs

  4. Contact the administrator if cluster performance is poor

Integration with Other ELS Components

Connection to User Management

  • SIEM dashboards respect user roles defined in User Management

  • Different users see different data based on their permissions

  • Admin users can access all SIEM functionality

  • Regular users may have restricted access to sensitive data

Integration with Installation/Configuration

  • SIEM functionality depends on proper agent installation

  • Dashboard data comes from agents configured in the Installation chapter

  • Alert forwarding uses email/notification settings from Configuration

Data Sources

  • Windows agents provide Windows dashboard data

  • Linux agents provide Linux dashboard data

  • Network devices provide firewall and infrastructure data

  • Applications provide custom security event data