I have this issue as well; however, I have no event type called wineventlog-dns. For me this happened after upgrading to 6.4.2; however, I believe it started when I upgraded the Windows Infrastructure app
https://splunkbase.splunk.com/app/1680/
I would think the user would be the user that the Splunk instance is running under, is it not? This user already has appropriate file-level rights? The user I passed to Soltra should have been a Soltra-only user. Perhaps my logic is wrong on this?
I've had some success, but I'm still not quite there. At this point I'm not sure if I've passed the parameters wrong in Splunk or if I've done it wrong on Soltra.
This is the message I get from Splunk in ES on the Threat Intelligence Audit:
status="Retrieved documents from TAXII feed" count="0" stanza="Soltra Edge" collection="admin.IPWatchlist"
This is better than the error of being stuck on Polling which I had before.
Does this mean I've messed up creating a feed?
Thanks for your time.
Did you ever make progress on this? I just started building out my Soltra box with the idea to do the same thing. As I run across more relevant info I'll post here.