Cisco Firepower eNcore App for Splunk for multiple...

hr_t2000 · ‎12-26-2020

HI

I have splunk with Cisco estreamer eNcore App for ONE FMC, it works fine for single FMC

BUT , i have four fmc in netowrk .

how i add multiple fmc in one splunk

please help me

thanks

scelikok · ‎12-26-2020

Hi @hr_t2000,

Unfortunately eStreamer client supports connection to only one FMC. You should use separate Splunk Heavy Forwarder instances for each FMC.

If this reply helps you , an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

hr_t2000 · ‎12-26-2020

thanks for reply

excuse me , are you sure ?

Because , this link

https://community.splunk.com/t5/Splunk-Enterprise-Security/How-to-connect-multiple-instances-of-Cisc...

said it possible .🙄😕

scelikok · ‎12-27-2020

Yes, it is an option but that way it becomes custom solution, upgrades and debugging may be a problem. I used eStreamer app and noticed performance problems on python if there is high volume of data. That is why if you run 4 instance on the the same host, it may be nightmare.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

Cisco Firepower eNcore App for Splunk for multiple FMC

configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation