Splunk shows critical in Advanced Threat Protection (ATP) User Interface (UI).
Article ID: 170831
Advanced Threat Protection Platform
ATP UI shows a Red Critical on the Splunk connector.
This issue has been fixed in the ATP 3.1.0 build; please upgrade to ATP 3.1.0 or later.
- Log in to the ATP UI and click Settings -> Data Sharing -> .
- Uncheck "Enable" for "Splunk Event Forwarding".
- Edit the Splunk Event Forwarding.
- Expand "Show Filters" and edit the "Event Forwarded From" date to the day before.
- Save the setting and check the "Enable" box to activate the Splunk connection.
- You should get a Healthy Green status.
- Monitor for a week to make sure that the Splunk server is receiving data.