Issue in Suricate rule

I am working on Lab " Effectively Using Suricata" Task 2.

I have written Suricata rule below, when i executed the rule no hits found

Rule: alert dns $HOME_NET any → any any (msg:“TROJAN Activity Detected DNS Query to Known Sofacy Domain 1”; dns_query; content:“”; nocase; isdataat:!1,relative; sid:1; rev:1;)

I have compared with lab solution rule and i didn’t find any difference, but still unable to find the reason. There’s no logs in fast.log.

Kindly assist about issue?