Note that that new *.zip contains both: GeoLite2-ASN-Blocks-IPv4.csv and GeoLite2-ASN-Blocks-IPv6.csv.
This has been notified to Splunk engineering team via SOLNESS-17731. Currently, this framework does not support the ES and an ER was requested but closed as won’t fix. If you would like to use other subscription-based services you are welcome to do so.
In general, the third-party Intelligence Downloads are out of our control, which is why I guess the troubleshooting guide is so trite or to the point:
Attempt to visit the URL or curl the threat source manually.
Disable the intelligence source if it is no longer available to download.
Configure or stage your internal download locations for the MaxMind GeoIP data (e.g. GitHub)