All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

cisco estreamer data logs

edgarsilva01
Path Finder
‎01-18-2021 12:18 PM


Hello everyone

I have a problem with cisco estreamer logs: data

Apparently there is an intermittence with the sending of logs, a couple of weeks ago the cisco certificate was configured and the logs began to arrive, after a while they stopped.

When we went to review, apply a restart to the indexer and the logs began to arrive.
we have had this problem for 3 weeks, sometimes when restarting the indexer no logs are received.

Anyone ever happened something similar?
or what may be happening.

thanks

Labels (2)
0 Karma
Reply

AhmadKhattak20
Explorer
‎02-26-2021 01:12 AM

@edgarsilva01 were you able to resolve this issue? Can you share the solution if so? Thanks

0 Karma
Reply

edgarsilva01
Path Finder
‎02-26-2021 07:07 AM

Hello, Ahmadkhattak20,

We have not solved it, we open a case in splunk and they do not support that app either.

The answer was the following


"Hope you are doing really well! My name is Russel Andrey.

After reviewing the information, I see that the support for this add-on is "Not Supported". Here you have more insights about App support types:

https://docs.splunk.com/Documentation/Splunkbase/splunkbase/Splunkbase/Appsupporttypes

As best effort from my side, here you have some information that can be helpful for you:

- This is the official documentation from the app: https://www.cisco.com/c/en/us/td/docs/security/firepower/670/api/eStreamer_enCore/eStreamereNcoreSpl...

In case the documentation or steps shared above are not working, I strongly suggest you creating your own question in our communities channel for further assistance. At this point, I will proceed archiving this support ticket."

Thanks for your comprehension.

 

edgarsilva01_0-1614351839281.png

 

Reply

scelikok
SplunkTrust
SplunkTrust
‎01-18-2021 12:30 PM

Hi @edgarsilva01,

I experienced this problem too but there is no solution because the problem is not on Splunk side. FMC stops sending data or sends extremely slow to the socket at that times. If restart on Splunk does not help, restarting e-streamer service on FMC should work.

You can create a bash script to check data delay and send restart to estreamer app on Splunk.

Another better workaround is if you are using V6.4 on Firepower, using syslog.

 

If this reply helps you a upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...