Getting Data In

Cisco Estreamer failing after Splunk 8.1.1 upgrade

rpoiri101
Explorer

I'm running a heavy forwarder on Redhat which I recently upgraded to Splunk Enterprise 8.1.1. Most apps survived the upgrade without issue. The Splunk estreamer app (https://splunkbase.splunk.com/app/3662/) however, doesn't seem to be working anymore. It works for a little while, but then I get the following:

 

Monitor ERROR [no message or attrs]: ProxyProcess[name=subscriberParser].request(status) timeout

This is often appears soon after this:

ERROR [no message or attrs]: 'View' object has no attribute '_View__isHex'\n'View' object has no attribute '_View__isHex'Traceback (most recent call last):\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/baseproc.py", line 209, in receiveInput\n self.onReceive( item )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 350, in onReceive\n _do( items )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 344, in _do\n self.onEvent( item )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 338, in onEvent\n decorate( item['record'], self.settings )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 185, in decorate\n settings.cache(), record ).create()\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/metadata/view.py", line 532, in create\n if(self.__isHex(hex32)) :\nAttributeError: 'View' object has no attribute '_View__isHex'\n

I've tried downloading the latest version of the app, no change. To get it working again, I have to disable the 3 scripts that bring in the data, kill the PID's running the estreamer, then re-enable the scripts. Sometimes it works again for a few hours. Sometimes a few minutes. Any suggestions? 

Also, something worth mentioning: I noticed when I go to manage apps, there's no "set up" option for this add on or the firepower splunk app, which is normally where I'd do the config for this. 

 

 

 

Labels (3)
0 Karma

src_pwn3d
Loves-to-Learn

I have the same problem with Splunk version 8.0.2

Did you solve this problem?

0 Karma

rpoiri101
Explorer

Yes, the devs ended up fixing it in the latest version of the add on

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...