Unlike #42, this issue does NOT appear to be limited to the first 2 minutes after Sguil starts.
Pivoting to transcript seems to work fine when using the normal transcript option or when choosing the "Transcript (force new)" option on a new alert where I haven't pivoted to pcap previously. However, if I choose the "Transcript (force new)" option for a TCP stream that I've pivoted to before, I get one of two behaviors:
Unlike #42, this issue does NOT appear to be limited to the first 2 minutes after Sguil starts.
Pivoting to transcript seems to work fine when using the normal transcript option or when choosing the "Transcript (force new)" option on a new alert where I haven't pivoted to pcap previously. However, if I choose the "Transcript (force new)" option for a TCP stream that I've pivoted to before, I get one of two behaviors:
OR
Have you seen this issue before?
Thanks!