All Apps and Add-ons

Anyone else having issues with eStreamer app hanging?

cwilmoth
Path Finder

We have installed the eStreamer app on a Linux forwarder feeding up to our Windows indexers. It will work fine for a number of days and then all of a sudden we stop indexing data from it. We look in the logs on the forwarder and do not see any errors. The estreamer_client.pl script is still running but apparently doing nothing. If we kill the process, another one starts up after a short while and we start receiving defense center data again. However, it does not pick back up from the last point that we received data - so we have a gap that corresponds to how long it took us to realize that the data stopped coming in. The client check utility is no help here. Anyone else seen this? I hate to schedule a recurring restart of the process, but that is the path we are heading down right now.

Thanks.

0 Karma

reswob4
Builder

OK, I have had the same problem and like you I had not clues in any of the logs. I used your fix of killing the process and letting it restart and yup, started getting data again.

I used to have this problem on Another Siem, so I'm wondering if it has something to do with eStreamer rather than the collector....

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...