@skhademd @douglashurd Have installed 4.6.1 afresh and configured from scratch to connect to our FMCs(with DEBUG logging enabled. Collection has resumed in Splunk. However, here are the initial observations. 1)Data collection is always 10-15 minutes behind current time. 2)Checking estreamer logs, the events per second is consistently on the decrease. Not sure if it's on the path to stoppage of collection 2021-06-30 14:19:58,631 Monitor INFO Running. 103400 handled; average rate 25.34 ev/sec; 2021-06-30 14:20:08,633 Receiver DEBUG FMC sent no data 2021-06-30 14:20:23,145 Receiver DEBUG FMC sent no data 2021-06-30 14:20:33,658 Receiver DEBUG FMC sent no data 2021-06-30 14:20:47,175 Receiver DEBUG FMC sent no data 2021-06-30 14:20:57,684 Receiver DEBUG FMC sent no data 2021-06-30 14:21:08,190 Receiver DEBUG FMC sent no data 2021-06-30 14:21:18,699 Receiver DEBUG FMC sent no data 2021-06-30 14:21:29,209 Receiver DEBUG FMC sent no data 2021-06-30 14:21:36,240 Receiver DEBUG Got null message. 2021-06-30 14:21:47,252 Receiver DEBUG FMC sent no data 2021-06-30 14:21:57,764 Receiver DEBUG FMC sent no data 2021-06-30 14:21:58,274 Monitor INFO Running. 103400 handled; average rate 24.62 ev/sec; 2021-06-30 14:22:08,267 Receiver DEBUG FMC sent no data 2021-06-30 14:22:18,778 Receiver DEBUG FMC sent no data 2021-06-30 14:22:29,289 Receiver DEBUG FMC sent no data 2021-06-30 14:22:36,301 Receiver DEBUG Got null message. 2021-06-30 14:22:46,312 Receiver DEBUG FMC sent no data 2021-06-30 14:22:56,822 Receiver DEBUG FMC sent no data 2021-06-30 14:23:14,347 Receiver DEBUG FMC sent no data 2021-06-30 14:23:29,368 Receiver DEBUG FMC sent no data 2021-06-30 14:23:43,386 Receiver DEBUG FMC sent no data 2021-06-30 14:23:47,402 Monitor INFO Running. 103400 handled; average rate 23.93 ev/sec; 2021-06-30 14:23:57,406 Receiver DEBUG FMC sent no data 2021-06-30 14:24:07,915 Receiver DEBUG FMC sent no data 2021-06-30 14:24:22,436 Receiver DEBUG FMC sent no data 2021-06-30 14:24:32,946 Receiver DEBUG FMC sent no data 2021-06-30 14:24:43,454 Receiver DEBUG FMC sent no data 2021-06-30 14:24:53,959 Receiver DEBUG FMC sent no data 2021-06-30 14:25:04,471 Receiver DEBUG FMC sent no data 2021-06-30 14:25:11,492 Receiver DEBUG Got null message. 2021-06-30 14:25:21,498 Receiver DEBUG FMC sent no data 2021-06-30 14:25:32,006 Receiver DEBUG FMC sent no data 2021-06-30 14:25:42,518 Receiver DEBUG FMC sent no data 2021-06-30 14:25:53,028 Receiver DEBUG FMC sent no data 2021-06-30 14:25:53,542 Monitor INFO Running. 103400 handled; average rate 23.29 ev/sec; 2021-06-30 14:26:03,540 Receiver DEBUG FMC sent no data 2021-06-30 14:26:11,564 Receiver DEBUG Got null message. 2021-06-30 14:26:21,563 Receiver DEBUG FMC sent no data 2021-06-30 14:26:32,076 Receiver DEBUG FMC sent no data 2021-06-30 14:26:42,584 Receiver DEBUG FMC sent no data 2021-06-30 14:26:53,089 Receiver DEBUG FMC sent no data 2021-06-30 14:27:03,601 Receiver DEBUG FMC sent no data 2021-06-30 14:27:11,626 Receiver DEBUG Got null message. 2021-06-30 14:27:21,636 Receiver DEBUG FMC sent no data 2021-06-30 14:27:32,149 Receiver DEBUG FMC sent no data 2021-06-30 14:27:49,673 Receiver DEBUG FMC sent no data 2021-06-30 14:28:00,183 Receiver DEBUG FMC sent no data 2021-06-30 14:28:00,697 Monitor INFO Running. 103400 handled; average rate 22.67 ev/sec; 2021-06-30 14:28:10,688 Receiver DEBUG FMC sent no data 2021-06-30 14:28:21,193 Receiver DEBUG FMC sent no data 2021-06-30 14:28:31,701 Receiver DEBUG FMC sent no data 3)Clean up script has an issue with absolute vs relative path I suspect , as I notice this error in Splunk internal logs. 06-30-2021 14:17:27.087 -0400 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/TA-eStreamer/bin/splencore.sh clean" find: `./encore/data': No such file or directory
... View more