Hi Team,
I have the following setup:
- An OpenSearch instance with an index data-alerts-<date> where all my alerts are written to
- Reflex-Soar instance with reflex agent configured with inputs that query OpenSearch alert index data-alerts-* and process the events.
There is a difference between the number of processed events in the event queue and the document count in the OpenSearch alert index data-alerts-<date>.
The number of events titled "Malicious Email Detection" in the reflex-soar event queue for the past 24 hours is 5, whereas the number in the OpenSearch source index data-alerts-<date> is approximately 60.
The agent logs did not contain any errors. Please advise on troubleshooting steps. Thank you.