×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ChangSeun
Engager
Member since: ‎11-21-2016
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎11-21-2016
Activity Feed
View All

Re: How to configure a second instance of Cisco eS...

by in All Apps and Add-ons
‎02-02-2017 06:45 AM
‎02-02-2017 06:45 AM
Hi, so, if you already changed the path in conf files, i guess you just need to kill the old process and start the new one with the workaround. You'll need to repeat the operation everytime you restart Splunk though or script it. ... View more

Re: How to configure a second instance of Cisco eS...

by in All Apps and Add-ons
‎01-16-2017 04:30 AM
‎01-16-2017 04:30 AM
Not really a solution but a workaround, start eStreamer client with this command in your /opt/splunk/etc/apps/eStreamer2/bin folder : estreamer_client.pl -c /opt/splunk/etc/apps/eStreamer2/local/estreamer.conf -d -l /opt/splunk/etc/apps/eStreamer2/log/eStreamer2.log -d to start client as daemon (so it doesn't get killed with your session's ending). -l with path/to/log/directory/file_name_format.log Put that in rc.d or launch it manually and it should do it until a better solution is found. Regards, ... View more

Re: How to configure a second instance of Cisco eS...

by in All Apps and Add-ons
‎12-29-2016 01:08 AM
‎12-29-2016 01:08 AM
@douglashurd do you have any idea on how to change the path where the perl script puts the log files ? Changing it from eStreamer app folder to eStreamer2 app folder. ... View more

How to configure a second instance of Cisco eStrea...

by in All Apps and Add-ons
‎12-20-2016 05:41 AM
‎12-20-2016 05:41 AM
Hi, I have several Defense Center (without Master Defense Center) and therefore I am trying to run multiple instances of Cisco eStreamer for Splunk on my Splunk server to interface with all my DCs. Here's what I did: So far I have duplicated eStreamer original app directory with a different name like "eStreamer2". I edited local/estreamer.conf with correct IP and pks path. I have created a new index associated to the eStreamer2 app so I can search logs related to a specific DC. The index looks into $SPLUNK_HOME/etc/apps/eStreamer2/log folder for logs. I changed the index field in default/inputs.conf with the name of the index created before, changed the path on monitor section and left everything else the same. I changed the paths in default/indexes.conf to match newly created index name. I changed definition field in default/macros.conf to match newly created index name. I start the client by running estreamer_client.pl -c /opt/splunk/etc/apps/eStreamer2/local/estreamer.conf command. I see logs flowing in the CLI but nothing is populating the $SPLUNK_HOME/etc/apps/eStreamer2/log folder therefore logs are not indexed. What did I forget ? Where do you specify to the script the path to put logs in ? Regards, ... View more

Re: Can we configure multiple Defense Center's in ...

by in All Apps and Add-ons
‎11-21-2016 07:55 AM
‎11-21-2016 07:55 AM
Hi @douglashurd, i'm having the same issue here. How do you create multiple instances of eStreamer for Splunk with each its own configuration on the same Splunk server ? Regards, ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All