Splunk recently announced an issue with its datetime.xml file that can affect SEDR customers who use the Splunk app, beginning January 1, 2020. Customers running Splunk on-prem with Symantec's Splunk app may see problems ingesting SEDR logs from that date unless they update the datetime.xml file on their on-prem Splunk servers.
Details of the Splunk issue and the patch options can be found here: https://docs.splunk.com/Documentation/Splunk/latest/ReleaseNotes/FixDatetimexml2020
Splunk Cloud customers will receive the fix on their Splunk Cloud instances automatically.