Hi all,
apologies if this has already been covered.
I've just gone through the process of getting a grok match written for a syslog entry which comes from a firewall.
I've got the relevant information being seen as fields on the left, but they are showing a question mark next to them.
Is it a case of waiting for them to be indexed or do I need to do anything?
Thanks