All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Cisco Secure eStreamer Client Add-On | Install Location

jmr
Explorer
‎09-08-2023 10:10 AM

My organization is a Splunk Cloud subscriber, and I am working on installing the Cisco Secure eStreamer Client Add-On. Currently, on-prem, we have one Heavy Forwarder (enterprise server) and two UF forwarding events to our cloud indexer.

I am wondering what is the best practice for installing the eStreamer Client Add-On. Does the eStreamer Client Add-On have to be installed on the HF or can it go on the UF?

I previously installed it on the HF, but it caused errors with I/O latency (there are many millions of events coming from the Cisco FMC). I'm wondering if there is any way to distribute the load - I know the UF is better for handling many events.

Any help would be greatly appreciated.

 

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎09-08-2023 04:16 PM

The add-on requires Python so it must be installed on a HF.  This is per the docs at https://www.cisco.com/c/en/us/td/docs/security/firepower/70/api/eNcore/eNcore_Operations_Guide_v08.h...

Consider standing up a separate HF for eStreamer inputs.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎09-08-2023 04:16 PM

The add-on requires Python so it must be installed on a HF.  This is per the docs at https://www.cisco.com/c/en/us/td/docs/security/firepower/70/api/eNcore/eNcore_Operations_Guide_v08.h...

Consider standing up a separate HF for eStreamer inputs.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

jmr
Explorer
‎09-08-2023 04:18 PM

Thank you. 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...