Data Source WAF FORTINET Timezone:
Distribution Event Waf
PARSER RULES WAF
Why is the Fortinet WAF not correlating the events in time, and also not correlating all the events?
The last time is three hours in the past.
Is the problem that you're missing events from a data source? What is the time zone configured on the Fortinet? Did you take that screenshot at 09:25 Santiago time?
Also, change "Support Generic Syslogs" to "Log Unknown" to ensure everything is being parsed as you expect.