Hi there,

While Splunk Enterprise 8.2.7 isn't explicitly listed as compatible with Cisco FMC in the official compatibility matrix, there are workarounds and resources that can help you achieve integration:

Current Compatibility:

• The latest Splunk Enterprise version officially supported by Cisco FMC is 9.1.x. You can find the compatibility matrix here: https://www.cisco.com/c/en/us/td/docs/security/firepower/splunk/Cisco_Firepower_App_for_Splunk_User_...

Workarounds:

• Upgrade Splunk: Consider upgrading to Splunk Enterprise 9.1.x for guaranteed compatibility and access to the latest features.
• Cisco eStreamer App: Explore the Cisco eStreamer App for Splunk (https://splunkbase.splunk.com/app/3662). This app can forward events from FMC to Splunk, even if your Splunk version isn't officially supported.
• Manual Integration: If you're comfortable with coding, you might be able to develop a custom script to extract data from FMC and send it to Splunk.

Community Resources:

• Splunk Community: Check the Splunk community forums for discussions and solutions related to integrating FMC with older Splunk versions (https://community.splunk.com/).
• Cisco Support: Contact Cisco support to inquire about potential compatibility issues or workarounds for using FMC with Splunk 8.2.7.

Remember:

• Using unsupported versions might lead to unexpected behavior or limited functionality.
• Upgrading to the latest compatible versions is generally recommended for optimal performance and security.

~ If the reply helps, a Karma upvote would be appreciated