×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
yssplunker
New Member
Member since: a week ago
a week ago
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-28-2025
View All

Re: Unable to receive intrusion event packet data ...

by in All Apps and Add-ons
a week ago
a week ago
Sourcetype is "cisco:sfw:estreamer" and i am using with default app settings . ... View more

Unable to receive intrusion event packet data fiel...

by in All Apps and Add-ons
a week ago
a week ago
Hi All, As old estreamer add -on is replaced by new app Cisco security cloud ( https://splunkbase.splunk.com/app/7404) , we have installed new app and testing in distributed environment. We are facing one issue with intrusion event packet logs which are streaming from FMC into splunk. Whenever "packet data" field in intrusion event packets greater than 4k bytes, it is missing in splunk logs.Only packetdata field is missing, remaining complete log is visible in splunk. And there are no errors related to parsing, truncating issues in splunk _internal index. Does anyone has faced the same issue or any fix for this? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
a week ago