Cisco Security Cloud Estreamer Issues

Rafaelled
Explorer

Good Afternoon,

I have been at war with the estreamer app for 2 weeks and I cannot get this to work. Below are the current specs:

RHEL 9.5 With FIPS
Splunk 9.4.4 HF
FMC 7.4.2.4

Cisco Security Cloud 3.6.1

So I had issues with FIPS and the cert; I was able to fix that. I then ran into network connectivity issues and that was resolved. I can openssl with the estreamer cert to the FMC on port 8302 and have no issues connecting to it with TLS. The issue occurs when I set up the estreamer inputs on the Cisco Security Cloud app. When I put in the password and all the information, the input fails, and below are the logs of the issue. I can't seem to find anything online on this issue with estreamer.

Any help would be great. Thank you.

2026-02-17 12:50:38,776 INFO [collect_events] validate_connection():195 Get test chunk of events for input test
2026-02-17 12:50:38,777 INFO [estreamer_connection] get_events():145 Getting events
2026-02-17 12:50:38,777 INFO [collect_events] validate_connection():205 Clean up after eStreamer validation process: test
2026-02-17 12:50:38,778 INFO [collect_events] validate_connection():211 Delete certificate files
2026-02-17 12:50:38,778 ERROR [sbg_fw_estreamer_input] validate_input():180 instance=test, error_type=Connection, error_code=error, error_detail=Struct error occurred, probably invalid format of data, traceback=unpack requires a buffer of 2 bytes, filter_value=sbg_fw_estreamer_input.py,

 


ecentonze
Engager

I am hitting this same issue with FMC version 7.6.5 and Splunk 9.4.2.

0 Karma
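
What the `unpack requires a buffer of 2 bytes` text in the log above means in Python terms, as an added example that is not the Cisco Security Cloud app's code: `struct.unpack` raises exactly this message when a read hands it fewer bytes than the format needs, for example when the peer closes the connection before sending data. The 8-byte header layout, the function names and the sample values are assumptions made for illustration.

```python
import socket
import struct

# Assumed framing for illustration: version (2), message type (2), length (4)
HEADER = struct.Struct(">HHI")

class ShortRead(ConnectionError):
    """The peer closed the connection before a full field arrived."""

def recv_exact(sock, n):
    """Read exactly n bytes, or raise ShortRead saying how many arrived."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # b"" means the peer closed the connection
            raise ShortRead(f"wanted {n} bytes, peer closed after {len(buf)}")
        buf += chunk
    return bytes(buf)

def naive_read_version(sock):
    # Single recv() with no length check: an empty read goes straight to unpack
    return struct.unpack(">H", sock.recv(2))[0]

def read_header(sock):
    return HEADER.unpack(recv_exact(sock, HEADER.size))

def closed_peer():
    """Local socket whose other end has already hung up (constructed input)."""
    a, b = socket.socketpair()
    b.close()
    return a

def demo():
    results = {}
    try:
        naive_read_version(closed_peer())
    except struct.error as exc:
        results["naive"] = str(exc)   # same text as the traceback in the log
    try:
        read_header(closed_peer())
    except ShortRead as exc:
        results["exact"] = str(exc)   # names the real condition instead
    a, b = socket.socketpair()
    b.sendall(HEADER.pack(1, 4, 0))   # constructed header values
    results["ok"] = read_header(a)
    a.close()
    b.close()
    return results

if __name__ == "__main__":
    print(demo())
```

When the remote side hangs up early, the naive read reports a data-format error while the exact read reports the closed connection, so a packet capture or FMC-side log for the same timestamp is the place to confirm which of the two happened.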