Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cisco Secure eStreamer Client Autolookup estreamer_fw_action commented out

elee_splunk
Loves-to-Learn Everything
‎07-06-2021 11:00 AM

After updating our TA we realized the action field autolookup wasn't working anymore. Digging through the TA I see in the props.conf the autolookup "LOOKUP-estreamer_fw_action" is commented out. Is there a reason this was done?

 

@douglashurd - Can you please advise. Thanks!

Labels (1)
Labels
0 Karma
Reply

douglashurd
Builder
‎07-06-2021 04:42 PM

Thanks for the question.  A few questions:

What event type did you lose the field in?

What version of the TA are you using?

Please email the details to encore-community@cisco.com for a slight quicker response.

 

Thanks,

 

Doug

0 Karma
Reply

elee_splunk
Loves-to-Learn Everything
‎07-07-2021 09:30 AM

I lost action field in the firewall rule logging cisco:estreamer:data. There is a field called fw_rule_action but there is supposed to be an autolookup that translates the fw_rule_action to action. 

I am using 4.6.0 but I downloaded and check 4.6.1 and 4.6.2 and all of them have the line for the autolookup commented out.

I have emailed encore-community@cisco.com for further support. 

 

Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...