Hi @douglashurd
I have upgraded to the latest version but I am encountering this error message when i am starting encore:

2019-11-15 21:59:36,939 Diagnostics ERROR The FMC eStreamer server has closed the connection. There are a number of possible causes which may show above in the error log.\n\nIf you see no errors then this could be that:\n * the server is shutting down\n * there has been a client authentication failure (please check that your outbound IP address matches that associated with your certificate - note that if your device is subject to NAT then the certificate IP must match the upstream NAT IP)\n * there is a problem with the server. If you are running FMC v6.0, you may need to install "Sourcefire 3D Defense Center S3 Hotfix AZ 6.1.0.3-1"\n
2019-11-15 21:59:36,940 Controller ERROR ConnectionClosedException: Connection closed\nTraceback (most recent call last):\n File "$SPLUNK_HOME/etc/apps/TA-eStreamer/bin/encore/estreamer/controller.py", line 244, in start\n diagnostics.execute()\n File "$SPLUNK_HOME/etc/apps/TA-eStreamer/bin/encore/estreamer/diagnostics.py", line 96, in execute\n response = connection.response()\n File "$SPLUNK_HOME/etc/apps/TA-eStreamer/bin/encore/estreamer/connection.py", line 181, in response\n dataBuffer = self.__read( 8 )\n File "$SPLUNK_HOME/etc/apps/TA-eStreamer/bin/encore/estreamer/connection.py", line 158, in __read\n raise estreamer.ConnectionClosedException('Connection closed')\nConnectionClosedException: Connection closed\n
2019-11-15 21:59:36,940 Controller INFO Stopping...
2019-11-15 21:59:36,940 Monitor INFO Stopping Monitor.
2019-11-15 21:59:36,941 Controller INFO Goodbye

Hi

I am having the same issue with the new app 3.6.8
https://splunkbase.splunk.com/app/3662/

and FMC v6.4.0.7

I can collect the logs a few minutes (cisco:estreamer:data) and then i received
"Process subscriberParser is dead"

any idea ?
thanks a lot

Hi @vinz2020  ,

Did you ever manage to resolve this? We are running into the same issue now

We use the app ver. 4.6.0 on Splunk 8.1.3 with an FMC version of 6.6.0 and are encountering the same issue

It would seem 6.4.0 was released with a couple of bugs. My instance just failed 3-4 days after install. Upgrade to 6.4.2.

Yes I fixed it ... but unfortunately I can't remember how 😕

Now I am running app 4.6, Splunk 8.1.3 and FMC 6.5

Thanks. @vinz2020  Any thing that you can recollect and provide inputs will be highly appreciated.

Recently we upgraded FMC from 6.x to 7.x and noticed no data was being streamed into the /opt/splunk/etc/apps/TA-eStreamer/bin/encore/data/splunk directory.  We then started getting a firewall error when testing the connection..

Does anyone know if FMC 7.x is compatible with the TA-eStreamer add-on? 

./splencore.sh test
Diagnostics ERROR [no message or attrs]: Could not connect to eStreamer Server at all. Are you sure the host and port are correct? If so then perhaps it is a firewall issue.

For me, it turned out to be an incorrect FMC IP. Post proper IP configuration it worked 
Splunk - 9.2.0.1
eStreamer - 5.2.9