How to get Cisco eStreamer for Splunk to run in Sp...

johnbradley43 · ‎01-07-2015

Receive error when trying to run setup - is there a simple way to fix this without modifying the config manually?

Splunk could not perform action for resource apps/local/eStreamer (404, u'Splunk cannot find "apps/local/eStreamer/setup". [HTTP 404] https://127.0.0.1:8089/servicesNS/admin/eStreamer/apps/local/eStreamer/setup; [{\'text\': "\n In handler \'localapps\': Error while fetching url=/servicesNS/nobody/eStreamer/estreamer/configuration/estreamer/?_strict=true;search=%20eai%3Aacl.app%3D%22%22%20OR%20eai%3Aacl.app%3D%22eStreamer%22", \'type\': \'ERROR\', \'code\': None}]')

douglashurd · ‎08-17-2017

while we're on the topic, is this the app you are trying to use? https://splunkbase.splunk.com/app/3662/

The older (1629) app is going to cause you nothing but problems with FP 6.x.

douglashurd · ‎08-02-2017

A new Splunk Firepower solution is now available if you are using Firepower version 6.x. You can download the new eStreamer eNcore for Splunk and the separately installable dashboard from the two links below:

eStreamer eNcore
https://splunkbase.splunk.com/app/3662/

eNcore Dashboard
https://splunkbase.splunk.com/app/3663/

It is free to use and well documented but if you would like to purchase a TAC Support service so that you can obtain installation and configuration assistance and troubleshooting you can order the software from Cisco (support obligatory with this purchase). The Product Identifier is: FP-SPLUNK-SW-K9.

Regardless of whether you take up the support option or not, updated versions will be made available to all free of charge and posted on Splunkbase as well as Cisco Downloads.

koshyk · ‎08-12-2017

special Thanks Doug for rewriting the TA as it is well needed. Just few suggestions
1. Can you please upload the documentation from word-document to a wiki if possible? (as attachments are not available in some of our clients offices)
2. Is there any chance to have an FMC hosted in cloud ? (i'm not an expert in FMC), but would be very good to test the TA and estreamer in development/personal laptops before trying in enterprise environments

Cheers

douglashurd · ‎08-17-2017

can you please email me directly at dohurd@cisco.com re the FMC instance you might be able to access for testing?

On the document, I can mail that to you too.

You can download the Operations Guide form the splunkbase page here too: https://splunkbase.splunk.com/app/3662/

ppablo · ‎01-07-2015

From looking at the app's page https://apps.splunk.com/app/1629/ it looks like the issue might be that only Splunk 6.0 and 6.1 are currently supported.

johnbradley43 · ‎01-08-2015

Right - was wondering if there was a workaround for this and what is keeping it from working on 6.2. I'll keep researching.

Thanks

muralianup · ‎02-15-2016

I have a 6.0 version & e-Streamer still throwing error whenever I try to go to the setup page.

mekozloski · ‎08-22-2015

Did you find anything out on this?

How to get Cisco eStreamer for Splunk to run in Splunk 6.2?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

How to get Cisco eStreamer for Splunk to run in Splunk 6.2?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?