I'm getting started with using the ELK platform for our syslog data collection and have set up devices to send their data to our machine. I'm noticing that when running visualizations and other reports, there is about a 17-minute delay from the current time to when data begins showing up. (If I use the last 15-minute filter nothing displays; however, using 30 minutes I begin to see data.)
I'm sure this is a simple configuration step I've missed since I'm new to all this, but was wondering if anyone else has seen this and can point me in the right direction.
Any help would be great! Thanks!