Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk for eStreamer
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk for eStreamer
Configured the eStreamer app in Splunk with no issues. Had to load one perl module then usage options presented themselves. Cert is copied over. Verified port open. I'm getting no logs from sourcefire. In addition, there is no log generated to see what is not working. Can I get direction to start troubleshooting this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We would love to see windows support for this app. At least if we could get the streamer to collect data on it we could manually ferret through the data.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What do the client status messages indicate? Have you enabled verbose logging on the client (done through Settings), to generate a log file in $APP_PATH/bin/estreamer_debug.log? Both of these can help with troubleshooting.
Make sure you're on the latest version (1.0.5) to be able to take advantage of the verbose logging and more detailed client status messages.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actually, the problem is more than likely the fact that it's a Windows install. I have only ever done dev and testing against Unix platforms. I guess I need to update the app description to make this clear. I apologize for the trouble and time spent. I'll look into Windows support for future versions.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk is installed on D of a windows OS. I was able to add python path entries in the system variables pointing to it's location. When I run client_check.py, I now get event_sec=1394810177 status_id=-1 status="ERROR: The app has not yet been setup.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is the client status message?
Keep in mind you will need to stop and restart the client every time setting changes are made. I know this isn't clear in the current version, but I'm trying to make it more clear in future versions.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for responding. Verbose logging is set. There is no created log $APP_PATH/bin/estreamer_debug.log. I'm on 1.0.5.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Observability Simplified: Combining User Experience, Application Performance & ...
Event Series May & June: From Network Visibility to Service Intelligence
Global Splunk User Group Events: May + June 2026
