All Apps and Add-ons

Does the Splunk Estreamer Encore App Support Connecting to Multiple FMC's?

Explorer

Just wondering if anyone knows if this is possible or has actually done it?

Reading 2 different documents I am getting conflicting information (from the Estreamer Encore Operations guide):-

Can I connect to more than one Firepower Managment Center(FMC)?
Currently not within a single instance. However, you can configure multiple instances as above

From the slides at conf2017
Multi-FMC Support
• Connect multiple FMCs to one instance
• Reduce complexity

0 Karma

Explorer

Just to follow up on this post, I have now managed to configure multiple instances of the Encore Estreamer application but I cannot get them running together. Each version is in a separate application and the configuration updated with different FMC's, certificates and logging locations.

When I restart Splunk it only attempts to start a single instance of splencore.sh although you can start the second instance manually it doesn't stay running. Is there something that I am missing or do you need set up something separate to ensure that both instances run?

0 Karma