FortiSIEM
rmehta
Staff
Article Id 357223
Description: This article describes how to diagnose and resolve missing raw event logs in the Incident tab.
Scope: FortiSIEM.
Solution

If raw event logs are not visible in the Incident tab of FortiSIEM, follow these steps to troubleshoot the issue.


  1. Validate Data Collection: Verify that the device is properly set up and is sending logs.
  2. Confirm Log Sources: Ensure the device is active and correctly integrated into FortiSIEM.
  3. Examine the Raw Event Tab: Check this section for the logs, taking into account any filters that affect the Incident view.
  4. Audit Data Retention: Check the retention configuration and the available storage space.
  5. Verify Parsing: Ensure that FortiSIEM can interpret the device's log format. If logs are missing because of parsing problems, validate the accuracy of FortiSIEM's parsing rules for the specific device or application.
  6. Review User Permissions: Confirm that the user role includes access to raw logs.
  7. Evaluate Incident Filters: Double-check any filters or policies that could restrict log visibility.
  8. Monitor Collectors: Verify that the collectors and workers are functioning.
  9. Perform a System Health Assessment: Look for any system errors affecting the log ingestion process.