In the Advanced Threat Protection (ATP) User Interface (UI) the "Splunk connector is showing as Red Critical".
The service that manages Splunk forwarding was not resourced correctly. ATP 3.2 has increased the number of threads the service can use and the memory overhead. This will provide the service with enough resources to function persistently.
This issue is resolved in ATP 3.2. If you are still on ATP 3.1 and cannot upgrade in a timely manner, please contact technial support for a hotfix to correct this.