CB Response Cloud: CB Event Forwarder Not Sending Events to Splunk After July 31, 2019

Article ID: 285172

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Events are not appearing in Splunk after July 31, 2019.

Environment

  • CB Response Cloud: All Versions
  • Event Forwarder: 3.5.1 and Higher
     

Cause

Near the end of July, CB-Event-Forwarder was upgraded from all previous versions in use to v3.5.1. That release included a change that requires an update on the Splunk Receiver.

Resolution

  1. Confirm that the Splunk Receiver is running the latest add-on version.
  2. If an upgrade to the Splunk Add-on is required, follow the steps found in the guide.
  3. If the problem remains, please open a case with Carbon Black Technical Support.

Additional Information

Logs will still be generated during this time, since they are uploaded to the S3 Bucket.