Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2101
Views
0
Helpful
2
Replies

estreamer + Cisco Firepower App for Splunk : "no results found"

Joeri4242
Level 1
Level 1

‎11-06-2019 07:37 AM - edited ‎02-21-2020 09:40 AM

Hi all,

-Cisco Firepower App for Splunk version 1.3.7

-Cisco eStreamer eNcore for Splunk version 3.6.5

We've successfully setup estreamer between Splunk and our FMC, when I search in the Splunk events for

sourcetype="cisco:estreamer:data", I see thousands of recent events (last 24 hours = 260416 events)

 

However, when I go to the Cisco firepower app for Splunk, all dashboards display "No results found".

I went over the documentation a few times, but as far as I can see, we did everything correctly.

Does anyone have an idea why the app doesn't seem to see/process the estreamer events?

 

Best regards,
Joeri

1 person had this problem
0 Helpful
2 Replies 2

nspasov
Cisco Employee
Cisco Employee

‎11-14-2019 07:42 AM

Hi Joeri-

A couple of questions:

  1. Which dashboard are you using? I ask this because there are two:
  2. Have you followed all of the steps in the guide below:

Thank you for rating helpful posts!

0 Helpful

FirewallZia
Level 1
Level 1
In response to nspasov

‎09-07-2020 07:50 PM

I too am facing the exact same issue. Followed all the steps in the guide and while eStreamer app shows data but nothing in the firepower app. Anyone else have any luck getting this working?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card