When I use the Panther API to retrieve my Panther alerts with a SQL query to the data lake, I encounter inconsistencies or empty results, which is not the expected outcome.
Wait 1 to 5 minutes after the alert is triggered before running the data lake query.
This behavior occurs because there is a delay between when an alert is created and when the events are available in the data lake.
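One way to build this delay into a script, as an added example that is not Panther's own code: `run_query` is a hypothetical callable standing in for whatever submits your SQL to the data lake and returns the rows. The helper waits out the 1-minute minimum, then polls until the 5-minute mark before accepting an empty result as genuine.

```python
import time
from datetime import datetime, timedelta, timezone

MIN_DELAY = timedelta(minutes=1)  # lower bound of the delay stated above
MAX_DELAY = timedelta(minutes=5)  # upper bound of the delay stated above


def fetch_alert_events(run_query, alert_created_at, poll_interval=30.0,
                       now=lambda: datetime.now(timezone.utc),
                       sleep=time.sleep):
    """Query the data lake for an alert's events without racing ingestion.

    run_query        -- hypothetical callable: runs the SQL, returns a list of rows
    alert_created_at -- timezone-aware creation time of the alert
    now / sleep      -- injectable so the logic can be tested without waiting
    """
    earliest = alert_created_at + MIN_DELAY
    deadline = alert_created_at + MAX_DELAY

    # Do not query at all before the minimum delay has passed.
    wait = (earliest - now()).total_seconds()
    if wait > 0:
        sleep(wait)

    while True:
        rows = run_query()
        if rows:
            return rows
        remaining = (deadline - now()).total_seconds()
        if remaining <= 0:
            # Past the 5-minute window: an empty result is no longer
            # explained by ingestion delay, so report it as empty.
            return []
        sleep(min(poll_interval, remaining))


if __name__ == "__main__":
    # Constructed demo: a simulated clock and a stub query whose rows
    # appear 150 seconds after the alert, so nothing really sleeps.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    clock = [t0]
    stub = lambda: [{"event": "constructed"}] if clock[0] - t0 >= timedelta(seconds=150) else []
    advance = lambda s: clock.__setitem__(0, clock[0] + timedelta(seconds=s))
    print(fetch_alert_events(stub, t0, now=lambda: clock[0], sleep=advance))
```

If the function returns an empty list, the full window has elapsed and the cause lies elsewhere, for example in the query itself.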