Hi there,

We’re running DUO Splunk connector (https://splunkbase.splunk.com/app/3504) for few years: version 1.1.3 on Splunk 7.0.

Recently we upgraded DUO Splunk connector 1.1.9 on Splunk to 9.0.0.1 using the same application setting (skey, ikey, api host). It works when first enabled, however, it stops collecting logs after running less than 60 minutes, with message, e.g.

[snipped]
11-11-2022 14:58:45.247 +0800 INFO ExecProcessor [4173186 ExecProcessor] - message from “/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/duo_splunkapp/bin/duo_input.py” PaginatedAuthenticationLog Params: {‘mintime’: ‘1665648592’}
11-11-2022 14:58:47.885 +0800 INFO ExecProcessor [4173186 ExecProcessor] - message from “/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/duo_splunkapp/bin/duo_input.py” Fetching page of Authentication Logs from adminapi, now=1668149927
11-11-2022 14:58:47.901 +0800 INFO ExecProcessor [4173186 ExecProcessor] - message from “/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/duo_splunkapp/bin/duo_input.py” Attempting to write timestamp: 1665649918, last_timestamp: 1665649918, mintime: 1665648592
11-11-2022 14:58:47.902 +0800 INFO ExecProcessor [4173186 ExecProcessor] - message from “/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/duo_splunkapp/bin/duo_input.py” Non-Legacy PaginatedEndPointLog timestamp detected: 1668144759
11-11-2022 14:58:47.903 +0800 INFO ExecProcessor [4173186 ExecProcessor] - message from “/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/duo_splunkapp/bin/duo_input.py” PaginatedEndPointLog timestamp from file: 1668144759, old mintime: 1665557927
1-11-2022 13:32:49.645 +0800 INFO ExecProcessor [4158501 ExecProcessor] - message from “/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/duo_splunkapp/bin/duo_input.py” Skipping Endpoint collection because it last ran within 86400 seconds from now(1668144769.645649).

Fallback to 1.1.3 on Splunk 7.0 works without problem.

Would anyone please help?
Thanks a lot.