Field Last Data Ingested updated in my Panther log source but no data available in Search
QUESTION
The field Last Data Ingested has been updated indicating that new data has arrived in my Panther log source, but there's no viewable data yet in Search. What does that mean?
ANSWER
It takes from ~30 seconds to 1 minute from the moment that the field Last Data Ingested is updated until the data is available in Search. You can find more details about the Log Source Overview fields in the section Viewing the Log Source Overview from our documentation.
If the data is not visible in the Search, then it's possible that classification errors have been raised, which can be searched in the table panther_monitor.public.classification_failures. More relevant details for troubleshooting your log source are described in the article How come no data is coming in for a new S3 log source in Panther?.