QUESTION

Why is my log source drop-off alarm being activated when my log source is receiving data in the Panther Console?

ANSWER

This most commonly occurs when your log source needs a dedicated schema to support the incoming logs. For data to be considered "processed," the source needs to have an attached schema. The banner will disappear as soon as a schema is attached and an incoming event matches the schema.