Activity Feed
- Posted Cisco eStreamer for Splunk: connection event/flow logs delay on All Apps and Add-ons. 09-12-2017 09:36 AM
- Tagged Cisco eStreamer for Splunk: connection event/flow logs delay on All Apps and Add-ons. 09-12-2017 09:36 AM
- Tagged Cisco eStreamer for Splunk: connection event/flow logs delay on All Apps and Add-ons. 09-12-2017 09:36 AM
- Posted Re: Estreamer failing after 6.2.01 upgrade on All Apps and Add-ons. 06-30-2017 09:04 AM
- Posted Re: Estreamer failing after 6.2.01 upgrade on All Apps and Add-ons. 05-08-2017 01:16 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
08-24-2022
12:25 PM
I know this is an old thread, but since a google search led me to it, others will probably read it too. This solution is defined in this other article: https://community.splunk.com/t5/All-Apps-and-Add-ons/Cisco-eStreamer-eNcore-delay-in-logs-getting-to-Splunk/m-p/464251 TL;DR (or in case the URL above breaks), by default eStreamer only picks up events if there are 100 or more to collect. On low-volume systems, this could be an issue, so there is a batchSize parameter to adjust. The end of my estreamer.conf now has this added line at the end: "workerProcesses": 4, "batchSize": 5 }
... View more
10-13-2017
05:14 PM
eNcore + 6.2.2 solved our issue. However we still struggle with finding the multi-processor settings for eNcore. eNcore runs as a single thread, not sure how to make it multi processor. we configured our HF just to do this.
... View more
