Cisco Support Community

New Member

Splunk Estreamer App with FMC

Recently updated FMC to  Estreamer client now only sends 5 or so events and then the eStreamer client fails, both on Splunk and host-based client testing. Also, the server does not seem to respond to changes in the event type delivery options. Is the eStreamer app not compatible with FMC

New Member

After a reboot of the FMC, the reference client (latest supported version, have tested eNcore) grabs events correctly; however, the eStreamer Splunk app client still fails after 5 or so events, and only discovery events.

Cisco Employee

The eNcore version is failing? It's not clear to me which version you mean.

Could you email any details to please?



Same issue here, running eStreamer 2.2.1 (...). This workaround seems to fix this issue:


/usr/bin/perl /opt/splunk/etc/apps/eStreamer/bin/ -d -c /opt/splunk/etc/apps/eStreamer/local/estreamer.conf -l /opt/splunk/etc/apps/eStreamer/log/estreamer.log

Note: According to Splunk forums, eStreamer may only fetch certain data (not all data types are supported any more).

New Member

Re: Splunk Estreamer App with FMC

Have a look at

There's a known estreamer issue for sending corrupt messages with a few releases from this year. claims to have it fixed (posted August 30th) and (posted May 30th)

We've had a few QRadar customers run into this issue as well and I suspect this is the solution.