A PAM node in a cluster was rebooted via PAM Client > Configuration > Power > [check the acknowledge box] > Click [Reboot Instance] and afterward Splunk did not receive any data from the PAM node.
This problem is affecting syslog server integrations as well.
It also may be observed after applying a hotfix that requires a reboot.
Release : 4.1.1, 4.1.2, upgraded from 4.1.0
The 4.1.1 and 4.1.2 upgrade patches, when upgrading from a previous 4.1.X release, inadvertently prevented a docker container required for sending log messages to a remote syslog server or Splunk from starting successfully after a reboot. The problem would not be noticed in a cluster environment right after the upgrade, because starting the cluster will get the container started.
In a cluster environment you can turn off the cluster and turn it back on to resolve the problem.
If you need to get the problem fixed w/o restarting the cluster, and cannot upgrade to 4.1.3+ yet, please open a case with PAM Support