can you please check which python version you are running? I am asking because I had an issue on customer where they were running Centos 8 and the python version that was running was python 3.6... I also saw the same exit code at logs.
run the script ./splencore.sh test at TA-eStreamer/bin...if you are getting this message:
./splencore.sh test
Traceback (most recent call last):
File "./estreamer/preflight.py", line 33, in
import estreamer.crossprocesslogging
File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/init.py", line 27, in
from estreamer.connection import Connection
File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/connection.py", line 22, in
import ssl
File "/opt/splunk/lib/python2.7/ssl.py", line 98, in
import _ssl # if we can't import it, let the error propagate
ImportError: libssl.so.1.0.0: cannot open shared object file: No such file or directory
then, do this to fix it:
Install Python 2.7
Edit the python script “splencore.sh” at /opt/splunk/etc/apps/TA-eStreamer/bin and remove # from this line #SPLUNK_HOME=/opt/splunk
!/bin/sh
debug
set -x
Uncomment #SPLUNK_HOME=/opt/splunk
SPLUNK_HOME=/opt/splunk
vars
pid='-1'
configFilepath="estreamer.conf"
pybin="python"
basepath="$SPLUNK_HOME/etc/apps/TA-eStreamer/bin/encore/"
isRunning=0
save it, restart splunk service.
The python error was fixed, and after a couple of minutes the data is being receiving properly.
Also try to play around the Data configuration at addon, on the customer, I select the option " Connections? This is a very high-volume option and may consume significant network and storage usage"
These were the steps I took to fix the issue on customer. I hope this can help you.
... View more