Splunk Estreamer App with FMC 6.2.0.1

Unanswered Question
May 6th, 2017
User Badges:

Recently updated FMC to 6.2.0.1.  Estreamer client now only sends 5 or so events and then the estreamer client fails, both on Splunk and host-based client testing.   Also, the server does not seem to respond to changes in the event type delivery options.  Is the estreamer APP not compatible with FMC 6.2.0.1?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bo3500001 Sun, 05/07/2017 - 13:20
User Badges:

After a reboot of the FMC, the reference client (latest supported version, have have tested encore) grabs events correctly, however, the estreamer splunk app client still fails after 5 or so events, and only discovery events.

Same issue here, running eStreamer 2.2.1  (...). This work arround seems to fix this issue:


#!/bin/bash

/usr/bin/perl /opt/splunk/etc/apps/eStreamer/bin/estreamer_client.pl -d -c /opt/splunk/etc/apps/eStreamer/local/estreamer.conf -l /opt/splunk/etc/apps/eStreamer/log/estreamer.log

Note: According to Splunk forums eStreamer may only fetch certain data (not all data type supported any more)



Actions

This Discussion