“You have not configured your FMC Host” means that the code has found an FMC host setting which is either blank or 1.2.3.4. You will need to run through the setup process.
Host and TLS keys
Navigate to app settings in Splunk – from the home page, click the “cog” icon
Find Cisco eStreamer eNcore for Splunk and click “Set-up”
At a minimum:
enter the “FMC hostname or IP address” (this is the bit that answers the specific question here) and
check the “Process PKCS12 file?”. Optionally enter a password here
Each time you load this page, “Process PKCS12 file” is reset to “no” and the password is not saved. It is used once to process the PKCS12 file using OpenSSL and store a public-private key pair.
Check the data you wish to collect. Note that there are no options to turn off intrusion, policy or malware events.
Enable inputs
Navigate to Settings > Data Inputs > Files & Directories and enable the single TA-eStreamer app input (cisco:estreamer:data) – this is where the main output data files are saved
Navigate to Settings > Data Inputs > Scripts and enable the three TA-eStreamer inputs:
cisco:estreamer:clean – this script has no output but is used to delete data files older than 12 hours
cisco:estreamer:log – this script uses the stdout of eNcore to take program log data. This becomes very useful where things are not going to plan
cisco:estreamer:status – this script runs periodically to maintain a clear status of whether the program is running or not
Execution
Once you have fully configured the collector and enabled the inputs, navigate back to the set-up page in app settings, enable eNcore (“is enabled?”) and press save.
To check the status, search for sourcetype="cisco:estreamer:status"
To check more detailed log output, search for sourcetype="cisco:estreamer:log"
To look for eStreamer data, search for sourcetype="cisco:estreamer:data"
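A pre-upload check for the PKCS12 file used in the set-up step above, as an added example that is not part of the original post and is not eNcore's own code: it confirms that the password opens the bundle, that the client certificate and private key belong together, and that the certificate has not expired. The function name `check_pkcs12`, the script name in the usage comment and the `P12_PASS` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not eNcore code): sanity-check a PKCS12 bundle before upload.
# Assumption: the password is supplied in the P12_PASS environment variable,
# which keeps it out of the process list (unlike -passin pass:...).

check_pkcs12() {
    p12="$1"
    export P12_PASS="${P12_PASS-}"
    tmp=$(mktemp -d) || return 4      # mktemp -d creates an owner-only dir
    rc=0

    # 1. Does the password open the bundle? Extract the client certificate.
    if ! openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
            -out "$tmp/cert.pem" 2>/dev/null; then
        echo "FAIL: cannot open $p12 (wrong password or not a PKCS12 file)" >&2
        rm -rf "$tmp"
        return 1
    fi

    # 2. Extract the private key, unencrypted, into the temporary directory.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
        -out "$tmp/key.pem" 2>/dev/null || true

    # 3. The certificate's public key must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key are missing or do not match" >&2
        rc=2
    # 4. -checkend 0 exits non-zero when the certificate has already expired.
    elif ! openssl x509 -in "$tmp/cert.pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: client certificate has expired" >&2
        rc=3
    else
        openssl x509 -in "$tmp/cert.pem" -noout -subject -enddate
        echo "OK: password accepted, key matches certificate, not expired"
    fi

    rm -rf "$tmp"                      # never leave the plaintext key behind
    return "$rc"
}

# Run as a script: P12_PASS='...' sh check_p12.sh client.pkcs12
if [ "$#" -ge 1 ]; then
    check_pkcs12 "$1"
fi
```

Return codes: 0 for a usable bundle, 1 when the file cannot be opened, 2 for a missing or mismatched key, 3 for an expired certificate.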