Getting Data In

Cisco Estreamer failing after Splunk 8.1.1 upgrade

rpoiri101
Explorer

I'm running a heavy forwarder on Redhat which I recently upgraded to Splunk Enterprise 8.1.1. Most apps survived the upgrade without issue. The Splunk estreamer app (https://splunkbase.splunk.com/app/3662/) however, doesn't seem to be working anymore. It works for a little while, but then I get the following:

 

Monitor ERROR [no message or attrs]: ProxyProcess[name=subscriberParser].request(status) timeout

This is often appears soon after this:

ERROR [no message or attrs]: 'View' object has no attribute '_View__isHex'\n'View' object has no attribute '_View__isHex'Traceback (most recent call last):\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/baseproc.py", line 209, in receiveInput\n self.onReceive( item )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 350, in onReceive\n _do( items )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 344, in _do\n self.onEvent( item )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 338, in onEvent\n decorate( item['record'], self.settings )\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/pipeline.py", line 185, in decorate\n settings.cache(), record ).create()\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/metadata/view.py", line 532, in create\n if(self.__isHex(hex32)) :\nAttributeError: 'View' object has no attribute '_View__isHex'\n

I've tried downloading the latest version of the app, no change. To get it working again, I have to disable the 3 scripts that bring in the data, kill the PID's running the estreamer, then re-enable the scripts. Sometimes it works again for a few hours. Sometimes a few minutes. Any suggestions? 

Also, something worth mentioning: I noticed when I go to manage apps, there's no "set up" option for this add on or the firepower splunk app, which is normally where I'd do the config for this. 

 

 

 

Labels (3)
0 Karma

src_pwn3d
Loves-to-Learn

I have the same problem with Splunk version 8.0.2

Did you solve this problem?

0 Karma

rpoiri101
Explorer

Yes, the devs ended up fixing it in the latest version of the add on

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...