Hi all,
- Splunk Enterprise Version: 8.0.0 Build: 1357bef0a7f6
- Cisco Firepower App for Splunk version 1.3.7
- Cisco eStreamer eNcore for Splunk version 3.6.5
We've successfully set up eStreamer between Splunk and our FMC. When I search in the Splunk events for sourcetype="cisco:estreamer:data", I see thousands of recent events (last 24 hours = 260416 events).
However, when I go to the Cisco Firepower App for Splunk, all dashboards display "No results found".
I went over the documentation a few times, but as far as I can see, we did everything correctly.
Does anyone have an idea why the app doesn't seem to see/process the estreamer events?
Best regards,
Joeri