https://community.splunk.com/t5/Getting-Data-In/Cisco-Security-Cloud-Estreamer-Issues/m-p/758434#M120240 <P>Good Afternoon,<BR /><BR />I have been at war with the estreamer app for 2 weeks and I can not get this to work. Below is the current specs:<BR /><BR />RHEL 9.5 With FIPS<BR />Splunk 9.4.4 HF<BR />FMC&nbsp;<SPAN class="">7.4.2</SPAN><SPAN>.</SPAN><SPAN class="">4</SPAN></P><P><SPAN class="">Cisco Security Cloud&nbsp;<SPAN>3.6.1</SPAN><BR /><BR />So I had issues with fips and the cert, i was able to fix that. I then ran into network connectivity issues and that was resolved. I can openssl with the estreamer cert to the FMC on port 8302 and have no issues connecting to it with TLS. The issue occurs when I set up the estreamer inputs on the Cisco Security Cloud app. When I put in the password and all the information the input fails and below are the logs of the issue. I cant seem to find anything online on this issue with estreamer.<BR /><BR />Any help would be great, Thank you</SPAN></P><LI-CODE lang="markup">2026-02-17 12:50:38,776 INFO [collect_events] validate_connection():195 Get test chunk of events for input test 2026-02-17 12:50:38,777 INFO [estreamer_connection] get_events():145 Getting events 2026-02-17 12:50:38,777 INFO [collect_events] validate_connection():205 Clean up after eStreamer validation process: test 2026-02-17 12:50:38,778 INFO [collect_events] validate_connection():211 Delete certificate files 2026-02-17 12:50:38,778 ERROR [sbg_fw_estreamer_input] validate_input():180 instance=test, error_type=Connection, error_code=error, error_detail=Struct error occurred, probably invalid format of data, traceback=unpack requires a buffer of 2 bytes, filter_value=sbg_fw_estreamer_input.py,</LI-CODE><P>&nbsp;</P> Tue, 17 Feb 2026 18:14:51 GMT Rafaelled 2026-02-17T18:14:51Z https://community.splunk.com/t5/Getting-Data-In/Cisco-Security-Cloud-Estreamer-Issues/m-p/758434#M120240 <P>Good Afternoon,<BR /><BR />I have been at war with the estreamer app for 2 weeks and I can not get this to work. Below is the current specs:<BR /><BR />RHEL 9.5 With FIPS<BR />Splunk 9.4.4 HF<BR />FMC&nbsp;<SPAN class="">7.4.2</SPAN><SPAN>.</SPAN><SPAN class="">4</SPAN></P><P><SPAN class="">Cisco Security Cloud&nbsp;<SPAN>3.6.1</SPAN><BR /><BR />So I had issues with fips and the cert, i was able to fix that. I then ran into network connectivity issues and that was resolved. I can openssl with the estreamer cert to the FMC on port 8302 and have no issues connecting to it with TLS. The issue occurs when I set up the estreamer inputs on the Cisco Security Cloud app. When I put in the password and all the information the input fails and below are the logs of the issue. I cant seem to find anything online on this issue with estreamer.<BR /><BR />Any help would be great, Thank you</SPAN></P><LI-CODE lang="markup">2026-02-17 12:50:38,776 INFO [collect_events] validate_connection():195 Get test chunk of events for input test 2026-02-17 12:50:38,777 INFO [estreamer_connection] get_events():145 Getting events 2026-02-17 12:50:38,777 INFO [collect_events] validate_connection():205 Clean up after eStreamer validation process: test 2026-02-17 12:50:38,778 INFO [collect_events] validate_connection():211 Delete certificate files 2026-02-17 12:50:38,778 ERROR [sbg_fw_estreamer_input] validate_input():180 instance=test, error_type=Connection, error_code=error, error_detail=Struct error occurred, probably invalid format of data, traceback=unpack requires a buffer of 2 bytes, filter_value=sbg_fw_estreamer_input.py,</LI-CODE><P>&nbsp;</P> Tue, 17 Feb 2026 18:14:51 GMT https://community.splunk.com/t5/Getting-Data-In/Cisco-Security-Cloud-Estreamer-Issues/m-p/758434#M120240 Rafaelled 2026-02-17T18:14:51Z https://community.splunk.com/t5/Getting-Data-In/Cisco-Security-Cloud-Estreamer-Issues/m-p/760460#M120462 <P>I am hitting this same issue with FMC version 7.6.5 and Splunk 9.4.2</P> Fri, 24 Apr 2026 16:47:02 GMT https://community.splunk.com/t5/Getting-Data-In/Cisco-Security-Cloud-Estreamer-Issues/m-p/760460#M120462 ecentonze 2026-04-24T16:47:02Z