Getting Data In

Cisco Estreamer failing after Splunk 8.1.1 upgrade

rpoiri101
Explorer

I'm running a heavy forwarder on Redhat which I recently upgraded to Splunk Enterprise 8.1.1. Most apps survived the upgrade without issue. The Splunk estreamer app (https://splunkbase.splunk.com/app/3662/) however, doesn't seem to be working anymore. It works for a little while, but then I get the following:

 

Monitor ERROR [no message or attrs]: ProxyProcess[name=subscriberParser].request(status) timeout

This is often appears soon after this:

ERROR [no message or attrs]: 'View' object has no attribute '_View__isHex'\n'View' object has no attribute '_View__isHex'Traceback (most recent call last):\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/baseproc.py", line 209, in receiveInput\n self.onReceive( item )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 350, in onReceive\n _do( items )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 344, in _do\n self.onEvent( item )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 338, in onEvent\n decorate( item['record'], self.settings )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 185, in decorate\n settings.cache(), record ).create()\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/metadata/view.py", line 532, in create\n if(self.__isHex(hex32)) :\nAttributeError: 'View' object has no attribute '_View__isHex'\n

I've tried downloading the latest version of the app, no change. To get it working again, I have to disable the 3 scripts that bring in the data, kill the PID's running the estreamer, then re-enable the scripts. Sometimes it works again for a few hours. Sometimes a few minutes. Any suggestions? 

Also, something worth mentioning: I noticed when I go to manage apps, there's no "set up" option for this add on or the firepower splunk app, which is normally where I'd do the config for this. 

 

 

 

Labels (3)
0 Karma

src_pwn3d
Loves-to-Learn

I have the same problem with Splunk version 8.0.2

Did you solve this problem?

0 Karma

rpoiri101
Explorer

Yes, the devs ended up fixing it in the latest version of the add on

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...