Syslog events from Watchguard firewall not appearing

Hi there,
I have upgraded to 7.9 across the board and syslog events aren't showing up in Security as they previously did in SIEM.

I am bringing these in via Logstash with a config file that reformats them, and I can see these records imported successfully in Elastic - I have added a Kibana index for the appropriate data and I have added that index to the Security setting for Elastic indices, but no data turns up in the Security Overview pane. I have also enabled all the detection rules, except the ML ones (basic license).

When I go to Detections, I get the following error:

   Your visualisation has error(s)
   Data Fetch Failure
   Invalid regular expression: /\/: \ at end of pattern

I've not created any visualisations - everything is as it comes out of the box.
I'm sure I'm not giving you enough information to assist me, so what else can I provide that will help us resolve this issue?

Thank you!

Hi @finbarr996,

What I think is going on is if you go to:

Stack management / Advanced settings

And look for the defaultIndex pattern for security solutions like below:

Check to see if you have an extra \ somewhere like my replicated version. In my replicated version I end up with the same type of errors you are seeing:

Nicely spotted - there was an additional trailing comma, which when removed solved the problem - Thank you! :slightly_smiling_face:
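
Added example, not part of the original thread and not Elastic's code: a pre-save check for a comma-separated index list like the one in the setting discussed above, flagging a stray backslash and the empty entry that a trailing comma leaves behind. `checkIndexList`, `compileWildcard` and the sample value are hypothetical, and the unescaped wildcard-to-RegExp step is an assumed stand-in for whatever consumes the setting.

```javascript
// Added example. The setting value below is constructed sample input.
// Characters Elasticsearch rejects in index names; "*" is left out because
// it is the wildcard in an index pattern.
const FORBIDDEN = /[\\\/?"<>|#\s]/;

// Assumption: a consumer turns each wildcard entry into a RegExp without
// escaping it. This is a stand-in, not Kibana's actual code.
function compileWildcard(entry) {
  return new RegExp(entry.replace(/\*/g, ".*"));
}

// Split a comma-separated index list and report every entry that would
// break a query or silently match nothing.
function checkIndexList(value) {
  const issues = [];
  value.split(",").forEach((raw, position) => {
    const entry = raw.trim();
    if (entry === "") {
      issues.push({ position, entry, kind: "empty", detail: "stray or trailing comma" });
      return;
    }
    const bad = entry.match(FORBIDDEN);
    if (bad) {
      issues.push({ position, entry, kind: "forbidden-char", detail: JSON.stringify(bad[0]) });
    }
    if (entry !== entry.toLowerCase()) {
      issues.push({ position, entry, kind: "uppercase", detail: "index names are lowercase" });
    }
    try {
      compileWildcard(entry);
    } catch (err) {
      // A lone or trailing backslash fails here with "\ at end of pattern".
      issues.push({ position, entry, kind: "regex", detail: err.message });
    }
  });
  return issues;
}

// Constructed sample: a lone backslash entry followed by a trailing comma.
const sample = "watchguard-*, filebeat-*, \\,";
for (const issue of checkIndexList(sample)) {
  console.log(`#${issue.position} [${issue.kind}] "${issue.entry}": ${issue.detail}`);
}
```

Running the same check over the current value of the setting before and after an upgrade shows whether a migrated value picked up an entry that no longer parses.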