Version: Next

Known Issues

HEC Indexer Acknowledgement in Splunk Cloud

HEC Indexer Acknowledgment is not supported in Splunk Cloud and enabling this feature will lead to connection timeouts.

See https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/AboutHECIDXAck

Users missing when more than 1000 LDAP Users

Splunk only caches 1000 LDAP users by default.

As AME relies on the full user listing, it is recommended to increase the cache size by setting following limits.conf:

[ldap]
max_users_to_precache = <unsigned integer>
* The maximum number of users that are pre-cached from LDAP after
  reloading auth.
* Set this to 0 to turn off pre-caching.

VirusTotal False Positive

vsw.exe has been identified as malware [1] (false positive). The Go binary is utilized on Windows for license verification and incorporates a cryptographic function. The source code undergoes a review process by Splunk’s Cloud Vetting Process. Vendors have been notified to mark the binary as safe.

[1] https://www.virustotal.com/gui/file/1cb09276e415c198137a87ba17fd05d0425d0c6f1f8c5afef81bac4fede84f6a

HEC Indexer Acknowledgement in Splunk Cloud​

Users missing when more than 1000 LDAP Users​

VirusTotal False Positive​

HEC Indexer Acknowledgement in Splunk Cloud

Users missing when more than 1000 LDAP Users

VirusTotal False Positive