mobidevadmin
commented
8 years ago had same issue when first installed Snorby. The issue was that suricata in my case (could be snort in yours) generated too many events. There is a special procedure for dashboard which selects all events for the last 30 minutes and updates the caches table (might be wrong). So if your barnyard or whatever you are using for parsing snort logs still, let's say, 1 hour behind snort unified log, you don't see anything in dashboard.
Try to leave couple rules which generate couple events per hour. That should help you to narrow down the issue.
sec-u
I'm running snort on a pfsense box and snorby on a ubuntu box.
The main dashboard that show's the Event Count vs. Time By Sensor is flatlined at 0 and the High/Medium/Low Severity Boxes all read 0.
I can see events being logged in Snorby if I click on "Events" or on "View Events" under my Sensors.