Hi there,
I have upgraded to 7.9 across the board and syslog events aren't showing up in Security as they previously did in SIEM.
I am bringing these in via Logstash with a config file that reformats them, and I can see these records imported successfully in Elastic - I have added a Kibana index for the appropriate data and I have added that index to the Security setting for Elastic indices, but no data turns up in the Security Overview pane. I have also enabled all the detection rules, except the ML ones (basic license).
When I go to Detections, I get the following error:
Your visualisation has error(s)
Data Fetch Failure
Invalid regular expression: /\/: \ at end of pattern
I've not created any visualisations - everything is as it comes out of the box.
I'm sure I'm not giving you enough information to assist me, so what else can I provide that will help us resolve this issue?
Thank you!
John.