×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Rafaelled
Explorer
Member since: ‎09-11-2023
‎02-19-2026
Community Statistics
Posts 4
Solutions 1
Karma Given 0
Karma Received 2
Member Since ‎09-11-2023
View All

Cisco Security Cloud Estreamer Issues

by in Getting Data In
‎02-17-2026 10:14 AM
1 Karma
‎02-17-2026 10:14 AM
1 Karma
Good Afternoon, I have been at war with the estreamer app for 2 weeks and I can not get this to work. Below is the current specs: RHEL 9.5 With FIPS Splunk 9.4.4 HF FMC 7.4.2.4 Cisco Security Cloud 3.6.1 So I had issues with fips and the cert, i was able to fix that. I then ran into network connectivity issues and that was resolved. I can openssl with the estreamer cert to the FMC on port 8302 and have no issues connecting to it with TLS. The issue occurs when I set up the estreamer inputs on the Cisco Security Cloud app. When I put in the password and all the information the input fails and below are the logs of the issue. I cant seem to find anything online on this issue with estreamer. Any help would be great, Thank you 2026-02-17 12:50:38,776 INFO [collect_events] validate_connection():195 Get test chunk of events for input test 2026-02-17 12:50:38,777 INFO [estreamer_connection] get_events():145 Getting events 2026-02-17 12:50:38,777 INFO [collect_events] validate_connection():205 Clean up after eStreamer validation process: test 2026-02-17 12:50:38,778 INFO [collect_events] validate_connection():211 Delete certificate files 2026-02-17 12:50:38,778 ERROR [sbg_fw_estreamer_input] validate_input():180 instance=test, error_type=Connection, error_code=error, error_detail=Struct error occurred, probably invalid format of data, traceback=unpack requires a buffer of 2 bytes, filter_value=sbg_fw_estreamer_input.py,   ... View more

Re: Elastic Integrator App

by in Getting Data In
‎02-11-2025 06:57 AM
1 Karma
‎02-11-2025 06:57 AM
1 Karma
Thank you @tscroggins, We have 2 logstash servers so I took one of them and made a to conf file that sends data from elastic to splunk via hec. Only issue now is logstash is running out of heap memory due to the size of the transfers. Working on fixing the pipeline now. Thanks again for the suggestions! ... View more

Elastic Integrator App

by in Getting Data In
‎02-05-2025 08:19 AM
‎02-05-2025 08:19 AM
Hello, I have been trying to migrate elk data to splunk, we have elk data dating back 2 years and I have attempted to use the elastic integrator app from splunk base. I was able to set it up with SSL and its bringing logs in from the past 30 days. The issue I have is that if I try to change the timeframe in the inputs.conf it will not work, and if I try to use a wildcard for the indice it will not work as well. Has anyone found a way around this? I am also open to hearing any other suggestions to get old elk data into splunk, thank you.  #https://splunkbase.splunk.com/app/4175 ... View more

Redfish Error, Unable to initialize modular input ...

by in All Apps and Add-ons
‎09-11-2023 10:02 AM
‎09-11-2023 10:02 AM
Good Afternoon,   I have been trying to fix this error for a few weeks now. The app was working fine and just stopped out of no where a few months ago. I have attempted full reinstalls of the app, searching all over google and the splunk community page I have looked at multiple errors similar from other apps and none of the solutions helped. Permissions are correct as well any help would be greatly appreciated!  The full error is "Unable to initialize modular input "redfish" defined in the app "TA-redfish-add-on-for-splunk" : introspecting scheme=redfish: script running failed (PID 4535 exited with code 1)" ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-19-2026 06:42 AM
Karma from
View All