Forwarding Issues
Issue:
- Splunk Add-on for Salesforce is unable to make API calls and no data is collected from the Forwarder. (Error messages from Add-on)
Root Cause:
- KV Store is down. Splunk Add-on for Salesforce uses the KV Store service in data collection, so KV Store should be up and running. The License is not supporting KV Store.
Query: index="_internal" * Splunk_TA_salesforce* log_level="Error
2024-01-30 13:18:33,594 ERROR pid="29989" tid="MainThread
file=sfdc_object_helper.py:stream_events:529 | Encountered an error.
Traceback: Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_salesforce/lib/splunklib/binding.py",...
splunklib.binding.HTTPError: HTTP 402 Payment Required -- Requires license feature='KVStore'
Solution:
- Use Splunk License which includes KV Store feature. KV store feature should be enabled