ATP event forwarding to Splunk occasionally stops and cannot be restarted. No incoming ATP data can be seen on the Splunk side.
1) Graphs in Splunk ATP App have no data.
2) The tcpdump command does not show any traffic between ATP and Splunk:
admin> tcpdump -nn -i any port 8088
3) ATP Splunk Event Forwarding is stuck on an older date. This can be verified by checking "Event Forwarded Until", which normally should not show a past date.
This issue was addressed in ATP 3.0. Please upgrade to ATP 3.0 at your earliest convenience.