Hi there,

While Splunk Enterprise 8.2.7 isn't explicitly listed as compatible with Cisco FMC in the official compatibility matrix, there are workarounds and resources that can help you achieve integration:

Current Compatibility:
The latest Splunk Enterprise version officially supported by Cisco FMC is 9.1.x. You can find the compatibility matrix here: https://www.cisco.com/c/en/us/td/docs/security/firepower/splunk/Cisco_Firepower_App_for_Splunk_User_Guide.html

Workarounds:
Upgrade Splunk: Consider upgrading to Splunk Enterprise 9.1.x for guaranteed compatibility and access to the latest features.
Cisco eStreamer App: Explore the Cisco eStreamer App for Splunk (https://splunkbase.splunk.com/app/3662). This app can forward events from FMC to Splunk, even if your Splunk version isn't officially supported.
Manual Integration: If you're comfortable with coding, you might be able to develop a custom script to extract data from FMC and send it to Splunk.

Community Resources:
Splunk Community: Check the Splunk community forums for discussions and solutions related to integrating FMC with older Splunk versions (https://community.splunk.com/).
Cisco Support: Contact Cisco support to inquire about potential compatibility issues or workarounds for using FMC with Splunk 8.2.7.

Remember: Using unsupported versions might lead to unexpected behavior or limited functionality. Upgrading to the latest compatible versions is generally recommended for optimal performance and security.

~ If the reply helps, a Karma upvote would be appreciated