Unable to send HTTP Post / crosszoneha

I am using the Github project crosszoneha to provide active/standby failover for 2 firewalls in AWS. The issue I am having is I can't send an HTTP post to the API Gateway using the filtered Systems logs. No requests make it out to the API gateway even though I have attached an email profile that is sending out email when the system log filtered conditions are met. I can do a Send Test Log, and that completes successfully. We see that request come in to API Gateway and Cloudwatch. We are running all the defaults for the HTTP (payload, parameters, etc..). All the security groups between the API Gateway and the Palos are wide open (we can ping the API GW from the Palo's mgmt port). What could possibly cause the HTTP Post to work fine during the Send Test Log, but not when the System log filter matches?