1.) make sure you don't have auto aknowledge set for DOS alerts. In your Policy applied, check the alert setting > Notifications > Auto Ack.
This setting will move alert straight to historical threat analyzer and will seem as if it never got sent to NSM (unless you open Historical RTA)
2.) Same goes for Global Auto Ack... in NSM > Manger > Misc > Global Ack (by threshold level)
You can also check "show inlinepacketdropstats" from sensor CLI. If the sensor is dropping packets in error, these counters will rise when checking these during the issue. The problem may be outside the scope of normal operation in which case I'd open up a case with Support.