I am trying to integrate this solution into Splunk but I am finding problems. The most relevant as far is the number of retrieved events.

I use the official event collector app Radware CWAF Event Collector | Splunkbase

It works via API user and I found that the number of events in Splunk doesn't match with the events in cloud console. After opening a support ticket with Radware they told me that the problem is the "pulling rate" for API configuration in my Splunk.

I have been trying to find how to configure this "pulling rate" in Splunk but I found nothing.

Do you know how to solve this parameter or how do you solve this integration?

This is exactly what they told me:

Our cloudops team checked to see if there are any differences between the CWAF and the logs that are sent to your SIEM. They found that there is a queue of logs that are waiting to be pulled by your SIEM. Therefore, we do not have any evidence that the issue is with the SIEM infrastructure.

For example, if we send 10 events per minute and the SIEM is pulling 5 per minute, this will create a queue of logs.

Unfortunately, we cannot support customer-side configuration. It might be more helpful to consult with the support team for the SIEM you are using, as the interval might be the "Pulling Rate."