We have monitoring for verifyAccountPassword events in Splunk, which has not been triggering logs since 8/19/2021. (Below are the last logs we have.)
Below is the Splunk query we use to query metric data.
index=main sourcetype="xsuite" NOT "CAPAM_bind" type=verifyAccountPassword (hostname="pxxxx")
However, we are able to see the logs below in Splunk:
hostname = mxxxxx, created = 2021-09-01 18:17:21, detail = PAM-CMN-1989: Ending session recording reconciliation. 0 session recording rows added to table. 0 sidecar(.inf) files added to share. 0 nearly empty files deleted from share., dom_name = undef, h_id = undef, ip_source = undef, local_ip_source = undef, log_id = 32936494005, machine_id = \xE0\xC4
+.\xA41GܠH\x9B
\xFE|\xAB\x80\x81, port = undef, public_ip_source = undef, pvr_id = undef, s_name = undef, sessionID = undef, target_account = undef, task_name = undef, trans_type = system, u_name = sessionReconciliation,
We need help confirming whether PAM is sending the data to Splunk.
Release : 3.4
Component :
An outage on the Splunk forwarder that PAM was configured to send data to caused our Splunk forwarder to halt.
If you reset/update the configuration for the Splunk forwarder in the Symantec PAM GUI, it will automatically try to restart the services.
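To check from the Splunk side whether PAM events are still arriving, a search like the following lists each hostname and event type in the xsuite data that has gone quiet. This is an added example, not part of the original article; it reuses the index, sourcetype and field names from the query above, and the 30-day lookback and 24-hour threshold are assumptions to adjust.

```spl
index=main sourcetype="xsuite" NOT "CAPAM_bind" earliest=-30d
| fillnull value="(none)" type
| stats latest(_time) AS last_seen count AS events_30d BY hostname type
| eval threshold_hours = 24
| eval hours_silent = round((now() - last_seen) / 3600, 1)
| eval last_seen = strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| where hours_silent > threshold_hours
| sort - hours_silent
```

A host that appears here for every type, including system events such as session recording reconciliation, points to a forwarding problem; a host that is silent only for verifyAccountPassword is still sending data.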