All Apps and Add-ons

Cisco eStreamer eNcore Add-on for Splunk: Why am I getting this error?

ccsfdave
Builder
2017-09-20 10:35:35,559 estreamer.subscriber ERROR    EncoreException: The server returned an invalid version (0) - expected 1. This is likely to be caused by CSCve44987 which is present on both FMC 6.1.0.3 and 6.2.0.1. For more information see: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve44987. Message={'version': 0, 'length': 0, 'messageType': 1}\nTraceback (most recent call last):\n  File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/subscriber.py", line 219, in start\n    self.__tryHandleNextResponse()\n  File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/subscriber.py", line 158, in __tryHandleNextResponse\n    message = self.connection.response()\n  File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/connection.py", line 203, in response\n    raise estreamer.EncoreException( errMsg.format( version, str(message) ))\nEncoreException: The server returned an invalid version (0) - expected 1. This is likely to be caused by CSCve44987 which is present on both FMC 6.1.0.3 and 6.2.0.1. For more information see: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve44987. Message={'version': 0, 'length': 0, 'messageType': 1}\n

I am getting an error pointing at this bug.

Any thoughts on a fix?

0 Karma
1 Solution

douglashurd
Builder

You will need to patch to 6.1.0.5.

View solution in original post

douglashurd
Builder

You will need to patch to 6.1.0.5.

ccsfdave
Builder

I will let the SME decide which path to follow - I'll accept which works for us - realizing that both may be a fix

0 Karma

ccsfdave
Builder

The SME updated to 6.2.2.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...