I am using Splunk 6.4 and the Cisco eStreamer for Splunk app. When I follow the steps to install the app and connect to Defense Center by:
1) Generate certificate in Defense Center, import to Splunk indexer
2) Edit estreamer.conf to provide
   i) Defense Center IP
   ii) certificate path
   iii) provide password (none in my case)
3) Configure eStreamer app from within Splunk with similar parameters
I am not able to get the events streaming. The error that I get is "ERROR: There is no Defense Center defined."
Yes.
I was able to get it fixed by re-installing the app.
Did this get resolved for you?