The throughput of events from the Symantec Endpoint Detection and Response (SEDR) appliance to Splunk is very low.
A configuration issue caused the the low end platform configuration to be loaded which caused the EDR to use smaller batch sizes
Broadcom Engineering has resolved this issue in EDR version 4.7.0. Please update to EDR 4.7.0 to receive this fix.