Splunk connector version 2.14 in SOAR 6.0 Error

Splunk SOAR

I am trying to query a Splunk search head using the Splunk connector from SOAR. However, my playbook is giving an error in the action block with the below error:

Failed to connect to splunk server. HTTP Error 400: Bad Request (1235)

There are no issues of connectivity as I have tested the connectivity to our asset in the app and it has passed successfully.

Yet, my playbook is failing with the above error.

My playbook design consists of a format block that formats the simple SPL query as :

|makeresults|eval id="This is a test" |eval playbook="App upgrade splunk"|table _time id playbook

which is referenced in the action block that queries a Splunk Search Head using the Splunk app.

Any advise on the possible issue is much appreciated ?

Thanks in advance

Get Updates on the Splunk Community!

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

The Splunk Community is a powerful network of users, educators, and organizations working together to tackle ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Now Available on Microsoft AzureThursday, March 27, 2025 | 11AM PST / 2PM EST | Register NowStep boldly ...