<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic estreamer stopped getting streams in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/estreamer-stopped-getting-streams/m-p/309659#M93490</link>
    <description>&lt;P&gt;We are running estreamer 2.2.2 (by latest entry in changelog) on our ad-hoc search head, v. 6.54 with Defense Center v. 5.4.&lt;/P&gt;

&lt;P&gt;estreamer had been running fine since installation, there have been no config or setting changes made to the app, but on Jan 11 we restarted splunk on the ad-hoc sh to implement some config changes (timeout settings) unrelated to estreamer. The app has stopped receiving from that point. I have verified that it is running, taking to the DC:&lt;/P&gt;

&lt;P&gt;ss -tanp | grep XXXXX (pid of estreamer)&lt;BR /&gt;
ESTAB      0      0      XXX.XXX.XXX.XXX:XXXXX              XXX (correct ip and port of DC)                users:(("estreamer_clien",pid=XXXXX,fd=3))&lt;/P&gt;

&lt;P&gt;There have been no config or setting changes to the Defense Center, the only thing that has been done is Splunk restarted.&lt;/P&gt;

&lt;P&gt;I've read Douglas Hurd's responses to many estreamer questions regarding upgrading the app if using Firepower 6.X but we are not.&lt;/P&gt;</description>
    <pubDate>Wed, 17 Jan 2018 17:16:14 GMT</pubDate>
    <dc:creator>richkappler</dc:creator>
    <dc:date>2018-01-17T17:16:14Z</dc:date>
    <item>
      <title>estreamer stopped getting streams</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/estreamer-stopped-getting-streams/m-p/309659#M93490</link>
      <description>&lt;P&gt;We are running estreamer 2.2.2 (by latest entry in changelog) on our ad-hoc search head, v. 6.54 with Defense Center v. 5.4.&lt;/P&gt;

&lt;P&gt;estreamer had been running fine since installation, there have been no config or setting changes made to the app, but on Jan 11 we restarted splunk on the ad-hoc sh to implement some config changes (timeout settings) unrelated to estreamer. The app has stopped receiving from that point. I have verified that it is running, taking to the DC:&lt;/P&gt;

&lt;P&gt;ss -tanp | grep XXXXX (pid of estreamer)&lt;BR /&gt;
ESTAB      0      0      XXX.XXX.XXX.XXX:XXXXX              XXX (correct ip and port of DC)                users:(("estreamer_clien",pid=XXXXX,fd=3))&lt;/P&gt;

&lt;P&gt;There have been no config or setting changes to the Defense Center, the only thing that has been done is Splunk restarted.&lt;/P&gt;

&lt;P&gt;I've read Douglas Hurd's responses to many estreamer questions regarding upgrading the app if using Firepower 6.X but we are not.&lt;/P&gt;</description>
      <pubDate>Wed, 17 Jan 2018 17:16:14 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/estreamer-stopped-getting-streams/m-p/309659#M93490</guid>
      <dc:creator>richkappler</dc:creator>
      <dc:date>2018-01-17T17:16:14Z</dc:date>
    </item>
    <item>
      <title>Re: estreamer stopped getting streams</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/estreamer-stopped-getting-streams/m-p/309660#M93491</link>
      <description>&lt;P&gt;Additional information I forgot to add in the main body:&lt;/P&gt;

&lt;P&gt;I have disabled and re-enabled the app, I have run eStreamer/bin/estreamer_client.pl  and it returns no errors, we had a maintenance window last night during which I restarted Splunk for other config changes again.&lt;/P&gt;</description>
      <pubDate>Wed, 17 Jan 2018 17:26:40 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/estreamer-stopped-getting-streams/m-p/309660#M93491</guid>
      <dc:creator>richkappler</dc:creator>
      <dc:date>2018-01-17T17:26:40Z</dc:date>
    </item>
    <item>
      <title>Re: estreamer stopped getting streams</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/estreamer-stopped-getting-streams/m-p/309661#M93492</link>
      <description>&lt;P&gt;SOLVED - Reinstalled pkcs certificate, reentered password, now receiving IDS data &lt;/P&gt;</description>
      <pubDate>Wed, 17 Jan 2018 19:56:41 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/estreamer-stopped-getting-streams/m-p/309661#M93492</guid>
      <dc:creator>richkappler</dc:creator>
      <dc:date>2018-01-17T19:56:41Z</dc:date>
    </item>
  </channel>
</rss>

