Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

estreamer stopped getting streams

richkappler
Path Finder
‎01-17-2018 09:16 AM

We are running estreamer 2.2.2 (by latest entry in changelog) on our ad-hoc search head, v. 6.54 with Defense Center v. 5.4.

estreamer had been running fine since installation, there have been no config or setting changes made to the app, but on Jan 11 we restarted splunk on the ad-hoc sh to implement some config changes (timeout settings) unrelated to estreamer. The app has stopped receiving from that point. I have verified that it is running, taking to the DC:

ss -tanp | grep XXXXX (pid of estreamer)
ESTAB 0 0 XXX.XXX.XXX.XXX:XXXXX XXX (correct ip and port of DC) users:(("estreamer_clien",pid=XXXXX,fd=3))

There have been no config or setting changes to the Defense Center, the only thing that has been done is Splunk restarted.

I've read Douglas Hurd's responses to many estreamer questions regarding upgrading the app if using Firepower 6.X but we are not.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richkappler
Path Finder
‎01-17-2018 11:56 AM

SOLVED - Reinstalled pkcs certificate, reentered password, now receiving IDS data

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richkappler
Path Finder
‎01-17-2018 11:56 AM

SOLVED - Reinstalled pkcs certificate, reentered password, now receiving IDS data

0 Karma
Reply
Solved! Jump to solution

richkappler
Path Finder
‎01-17-2018 09:26 AM

Additional information I forgot to add in the main body:

I have disabled and re-enabled the app, I have run eStreamer/bin/estreamer_client.pl and it returns no errors, we had a maintenance window last night during which I restarted Splunk for other config changes again.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...