Splunk is getting error 400 from ICDm Event Stream for most of the inputs

Article ID: 281093

Products

Endpoint Security Complete

Issue/Introduction

You have configured Event Stream with multiple channels and added one input per channel in Splunk using the Symantec SOC View App for Splunk. Only one of the configured channels returns events; the inputs for the other channels receive HTTP 400 (Bad Request) responses from the Integrated Cyber Defense Manager (ICDm).

Cause

After the first input was created in Splunk, the inputs for the additional channels were cloned from it rather than created from scratch. Cloning copies settings that are unique to the first channel into the new inputs, so those inputs send requests that ICDm rejects for their own channels.

Resolution

Delete the broken inputs and re-create each one from scratch (not by cloning an existing input). Each input then starts clean with its own channel settings and pulls down the oldest events available for that channel.
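Before deleting anything, it helps to confirm which inputs were cloned. The following script is an added example and is not part of this article or of the Symantec SOC View App: it parses a Splunk inputs.conf-style file and reports inputs that share values which should be unique per channel. The stanza prefix (icdm_event_stream://) and the field names (channel_id, since_token) are assumptions standing in for whatever per-channel settings the real app stores; the sample configuration is constructed for the example.

```python
"""Flag Splunk modular inputs that look like clones of another input.

Added example, not code from the article or the Symantec SOC View App.
The stanza prefix and the field names in UNIQUE_FIELDS are assumptions
standing in for the real app's per-channel settings.
"""
from collections import defaultdict

# Assumed names of fields that must differ for every Event Stream channel input.
UNIQUE_FIELDS = ("channel_id", "since_token")

# Assumed stanza prefix used by the Event Stream modular input.
INPUT_PREFIX = "icdm_event_stream://"

# Constructed inputs.conf: "finance" and "eng" were cloned from "corp" and
# still carry corp's channel-specific values; "research" was created cleanly.
SAMPLE_INPUTS_CONF = """\
[icdm_event_stream://corp]
channel_id = 11111111-aaaa-4bbb-8ccc-000000000001
since_token = tok-corp-0001
interval = 60

[icdm_event_stream://finance]
channel_id = 11111111-aaaa-4bbb-8ccc-000000000001
since_token = tok-corp-0001
interval = 60

[icdm_event_stream://eng]
channel_id = 11111111-aaaa-4bbb-8ccc-000000000001
since_token = tok-corp-0001
interval = 60

[icdm_event_stream://research]
channel_id = 22222222-aaaa-4bbb-8ccc-000000000002
since_token = tok-research-0001
interval = 60
"""


def parse_inputs_conf(text):
    """Parse Splunk-style conf text into {stanza_name: {key: value}}.

    Blank lines and '#' comments are skipped; keys repeated inside a stanza
    keep the last value, matching Splunk's own merge behaviour.
    """
    stanzas = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def find_shared_values(stanzas, prefix=INPUT_PREFIX):
    """Return {field: {value: [stanza names]}} for values used by 2+ inputs."""
    seen = {field: defaultdict(list) for field in UNIQUE_FIELDS}
    for name, settings in stanzas.items():
        if not name.startswith(prefix):
            continue
        for field in UNIQUE_FIELDS:
            if field in settings:
                seen[field][settings[field]].append(name)
    return {
        field: {value: names for value, names in values.items() if len(names) > 1}
        for field, values in seen.items()
        if any(len(names) > 1 for names in values.values())
    }


def inputs_to_recreate(stanzas, prefix=INPUT_PREFIX):
    """Names of inputs that should be deleted and re-created without cloning.

    Assumes the first stanza in file order that uses a shared value is the
    original working input; every later stanza sharing that value is a clone.
    """
    clones = set()
    for per_value in find_shared_values(stanzas, prefix).values():
        for names in per_value.values():
            clones.update(names[1:])
    return sorted(clones)


if __name__ == "__main__":
    parsed = parse_inputs_conf(SAMPLE_INPUTS_CONF)
    for field, per_value in find_shared_values(parsed).items():
        for value, names in per_value.items():
            print(f"{field}={value} is shared by: {', '.join(names)}")
    print("re-create without cloning:", inputs_to_recreate(parsed))
```

Run it against the app's real inputs.conf (under the app's local/ directory on the search head or heavy forwarder) after substituting the actual stanza prefix and field names; any input it lists is a candidate for the delete-and-re-create step above.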