Hi,

We are running into an issue where the Splunk eStreamer Technical Add-On keeps crashing when receiving events from our Cisco Firepower instance. The exact error logs being observed on the Splunk side are as follows:

2021-12-17 09:19:23,377 root INFO 'latin-1' codec can't encode character '\u2013' in position 460: ordinal not in range(256)
2021-12-17 09:19:23,384 Writer ERROR [no message or attrs]: 'latin-1' codec can't encode character '\u2013' in position 460: ordinal not in range(256)\n'latin-1' codec can't encode character '\u2013' in position 460: ordinal not in range(256)Traceback (most recent call last):\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/baseproc.py", line 209, in receiveInput\n self.onReceive( item )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/baseproc.py", line 314, in onReceive\n self.onEvent( item )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 416, in onEvent\n write( item, self.settings )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 238, in write\n streams[ index ].write( event['payloads'][index] + delimiter )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/streams/file.py", line 96, in write\n self.file.write( data.encode( self.encoding ).decode('utf-8') )\nUnicodeEncodeError: 'latin-1' codec can't encode character '\u2013' in position 460: ordinal not in range(256)\n
2021-12-17 09:19:23,384 Writer ERROR Message data too large. Enable debug if asked to do so.
2021-12-17 09:19:23,385 Writer INFO Error state. Clearing queue

We have also updated the TA to the latest version (4.8.3) as noted on the Splunk Add-On page for the app: https://splunkbase.splunk.com/app/3662/

On the HF side, we also increased the number of worker processes from 4 to 8, which did not help.

Wondering if anyone experienced the same issues. Let me know.

Thanks.
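The expression on the last frame of the traceback can be reproduced in isolation. The following is an added example, not part of the original post and not the add-on's code: the sample event, the function names and the tolerant variant are assumptions made for illustration.

```python
import io

# Constructed sample event. The EN DASH (U+2013) stands in for the character
# reported at position 460 in the log; the field names are made up.
SAMPLE_EVENT = 'rec_type=400 msg="Policy A \u2013 blocked" user="caf\u00e9"'


def write_as_in_traceback(stream, data, encoding):
    """Same expression as the file.py frame shown in the traceback."""
    stream.write(data.encode(encoding).decode('utf-8'))


def write_tolerant(stream, data, encoding):
    """Hypothetical alternative that never raises on an unencodable character.

    Characters outside `encoding` are written as backslash escapes, so the
    event still reaches the output and the code point stays recoverable.
    The bytes are decoded with the same codec that produced them.
    """
    raw = data.encode(encoding, errors='backslashreplace')
    stream.write(raw.decode(encoding))


def try_write(writer, data, encoding):
    """Return (text_written, exception_name_or_None) for one write attempt."""
    buf = io.StringIO()
    try:
        writer(buf, data, encoding)
        return buf.getvalue(), None
    except UnicodeError as exc:
        return buf.getvalue(), type(exc).__name__


if __name__ == '__main__':
    # U+2013 has no latin-1 byte: the encode step raises, as in the post.
    print(try_write(write_as_in_traceback, SAMPLE_EVENT, 'latin-1'))
    # A character latin-1 *can* encode still fails, one step later:
    # the byte 0xE9 on its own is not valid UTF-8.
    print(try_write(write_as_in_traceback, 'user="caf\u00e9"', 'latin-1'))
    # With a UTF-8 output encoding the original expression round-trips.
    print(try_write(write_as_in_traceback, SAMPLE_EVENT, 'utf-8'))
    # The tolerant variant keeps the event under latin-1.
    print(try_write(write_tolerant, SAMPLE_EVENT, 'latin-1'))
```

Because the log shows the writer clearing its queue after the exception, a single unencodable character costs more than one event, which is why the tolerant variant escapes the character instead of raising.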