When running Data Replay on a new detection rule, I see errors such as the following:
There is no historical data for the selected log type
No Data in time range for the selected log types
Last replay failed during evaluation
An error occurred while evaluating historical log data
To resolve this issue:
- Please check if multiple replays were being run at once. If so, please try executing one data replay at a time and see if the error will clear.
- Verify that the time range is older than 24 hours.
- If the data is recently available (e.g. within 24 hours), please wait for 1 day and execute the replay again.
- Verify that the time range is within the last 30 days.
- Expand the time range for your Data Replay then try again.
Read more about Data Replay time constraints in the documentation.
If the error persists, please contact the Panther Support team.
This error typically means that the associated log type had no data for replay to process. If the data is recently available e.g. within 24 hours, this message may still appear since data is populated once a day.