I installed Splunk on my laptop to check out the tool. Since there was a way to integrate Cisco FMC (we have ver. 6.2.2.2), I proceeded to download the eNcore eStreamer Add-on.
After installing the add-on, it asks for below:
After a few seconds I get "Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main"
I checked the C:\Program Files\Splunk\var\log\splunk\splunkd.log and below is what I see:
02-20-2019 15:15:25.293 -0600 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 130, in init\n hand.execute(info)\n File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 595, in execute\n if self.requestedAction == ACTION_EDIT: self.handleEdit(confInfo)\n File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 94, in handleEdit\n self._configure()\n File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 73, in _configure\n output = subprocess.check_output( cmds, stderr = subprocess.STDOUT )\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 216, in check_output\n process = Popen(stdout=PIPE, *popenargs, **kwargs)\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 394, in __init__\n errread, errwrite)\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 644, in _execute_child\n startupinfo)\nWindowsError: [Error 193] %1 is not a valid Win32 application\n
02-20-2019 15:15:25.293 -0600 ERROR AdminManagerExternal - Unexpected error "<type 'exceptions.WindowsError'>" from python handler: "[Error 193] %1 is not a valid Win32 application". See splunkd.log for more details.
02-20-2019 15:15:25.293 -0600 ERROR SetupAdminHandler - Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main
02-20-2019 15:39:19.407 -0600 ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Failed opening "C:\Program Files\Splunk\var\run\splunk\dispatch\SummaryDirector_1550698758.3\search.log": The process cannot access the file because it is being used by another process.
02-20-2019 16:00:00.009 -0600 INFO ExecProcessor - setting reschedule_ms=3599991, for command=python "C:\Program Files\Splunk\etc\apps\splunk_instrumentation\bin\instrumentation.py"
02-20-2019 16:00:32.762 -0600 WARN SetupAdminHandler - Cannot find field='process_pkcs12' in url='/encore/configure/main/' setting value to empty string
02-20-2019 16:00:41.359 -0600 WARN SetupAdminHandler - Cannot find field='process_pkcs12' in url='/encore/configure/main/' setting value to empty string
02-20-2019 16:00:54.000 -0600 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 130, in init\n hand.execute(info)\n File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 595, in execute\n if self.requestedAction == ACTION_EDIT: self.handleEdit(confInfo)\n File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 94, in handleEdit\n self._configure()\n File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 73, in _configure\n output = subprocess.check_output( cmds, stderr = subprocess.STDOUT )\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 216, in check_output\n process = Popen(stdout=PIPE, *popenargs, **kwargs)\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 394, in __init__\n errread, errwrite)\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 644, in _execute_child\n startupinfo)\nWindowsError: [Error 193] %1 is not a valid Win32 application\n
02-20-2019 16:00:54.000 -0600 ERROR AdminManagerExternal - Unexpected error "<type 'exceptions.WindowsError'>" from python handler: "[Error 193] %1 is not a valid Win32 application". See splunkd.log for more details.
02-20-2019 16:00:54.011 -0600 ERROR SetupAdminHandler - Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main
Can someone tell me what I'm missing/doing wrong?
Hi,
I am having the exact same issue, did you end up resolving this?
Hi there, did you ever resolve this?
Having the same issue.
Thanks.
I assume you have processed the pkcs.cert file as per the documentation.
Can you reload the page again and go to $SPLUNK_HOME/etc/apps/TA-eStreamer/bin/encore and look for *.pid file, and dat files with your client ip. Also, look for estreamer.log for any errors?
Hi,
I cannot find any DAT or PID files in that directory?
There is also no estreamer.log file in the