SIEM agent is no longer forwarding events to Splunk
When running the SIEM agent command with the -d to output to a debug log, it shows the error Too Many Values
If there is too much data for the SIEM agent to download, it will result in the error.
The SIEM agent creates 2 files to mark where it left off last. export_log.lock and last_job.status. If those files are removed, or if too much time has passed since the SIEM agent last ran, it could result in too many events to download
Run the SIEM command with a - -start_date parameter to limit the amount of data being pulled from CloudSOC. Once this runs successfully, the start date can be increased to include more data, or the --start_date parameter can be removed completely.