Hi,
I have already configured Suricata logs to be fowarded to ES through Filebeat. I am receiving the logs but this message still appears. I am using the Suricata module aswell
Which version of the Elastic stack are you using? And can you show an example from the Discover page that the suricata data is being ingested, just to ensure it enters correctly?
If the data is ingested then the bug is maybe just with the "Check Data" button. This wizard is just to help setting it up, so you can exit the page in the meantime, it does not have to pass