No Alerts, but SO says it's good

[AUniqueNameJpeg]

For reference: I am running SO in a VM through Proxmox, and installed the Standalone version. 16 GB, 1GB network speed, 250 GB storage, 4 cores.

SO had a reset after a month of running, and once it rebooted, I have not been getting any alerts in the Alerts tab. I have upgraded through soup, checked so-status, checked the Grid, and SO tells me that it is okay. I check my mirror port with a tcpdump- the traffic comes through fine, there are no problems there. I checked salt-minion and there was a hanging process; I killed that and checked the systemctl status and I fixed that, but I still do not get any alerts regarding network traffic. I have integrated pfSense logs to SO, I still get those. I have an agent setup on my Linux laptop, I still get those. The only thing that is not working are the alerts for network traffic.

Before this hiccup, it was working as intended. I had no problems coming up to this point, and my Alerts tab did previously work.

If there is a component's logs that you would like for me to share, please do. I tried to check ElastAlert and Elasticsearch logs, and they seemed to be fine. Something to note is that my salt-call fails:

local:
Data failed to compile:

The function "state.highstate" is running as PID 3087951 and was started at 2025, Oct 10 14:11:09.721326 with jid 20251010141109721326

I attached a txt file of my sosetup output. Thanks.

setup.txt

[cm-ops]

That output is just saying there is a highstate currently running.

Do you see a Suricata eve log being genereated for the current date/time in /nsm/suricata/? If so, check your Elastic agent to make sure it has the Suricata logs integration, if it does, next look at the Logstash log in /opt/so/log/logstash/ for any clues.