Version: 3.1.0

Known Issues

HEC Indexer Acknowledgement in Splunk Cloud

HEC Indexer Acknowledgment is not supported in Splunk Cloud and enabling this feature will lead to connection timeouts.

See https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/AboutHECIDXAck

Users missing when more than 1000 LDAP Users

Splunk only caches 1000 LDAP users by default.

As AME relies on the full user listing, it is recommended to increase the cache size by setting following limits.conf:

[ldap]
max_users_to_precache = <unsigned integer>
* The maximum number of users that are pre-cached from LDAP after
  reloading auth.
* Set this to 0 to turn off pre-caching.

HEC Indexer Acknowledgement in Splunk Cloud​

Users missing when more than 1000 LDAP Users​

HEC Indexer Acknowledgement in Splunk Cloud

Users missing when more than 1000 LDAP Users