ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Splunk connector is showing as Red Critical in ATP 3.1.

book

Article ID: 172306

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

In the Advanced Threat Protection (ATP) User Interface (UI) the "Splunk connector is showing as Red Critical".

Cause

The service that manages Splunk forwarding was not resourced correctly. ATP 3.2 has increased the number of threads the service can use and the memory overhead. This will provide the service with enough resources to function persistently.

Resolution

This issue is resolved in ATP 3.2. If you are still on ATP 3.1 and cannot upgrade in a timely manner, please contact technial support for a hotfix to correct this.