eStreamer eNcore for Splunk - error while posting ...

aspire27 · ‎02-20-2019

I installed Splunk on my laptop to check out the tool. Since there was a way to integrate Cisco FMC (we have ver. 6.2.2.2), I proceeded to download the eNcore eStreamer Add-on.

After installing the add-on, it asks for below:

FMC Hostname or IP address — I enter the address
Check the "Process PKCS12 file? — I check this checkbox
PKCS12 password — I enter the password that I used when generating the client in the FMC under Sytem>Integration>eStreamer. Also, when generating the client in FMC, I used the IP of my laptop (instructions mentioned to enter the IP of the client which will be collecting data from the FMC)
Click Save

After a few seconds I get "Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main"

I checked the C:\Program Files\Splunk\var\log\splunk\splunkd.log and below is what I see:

02-20-2019 15:15:25.293 -0600 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 130, in init\n    hand.execute(info)\n  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 595, in execute\n    if self.requestedAction == ACTION_EDIT:     self.handleEdit(confInfo)\n  File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 94, in handleEdit\n    self._configure()\n  File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 73, in _configure\n    output = subprocess.check_output( cmds, stderr = subprocess.STDOUT )\n  File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 216, in check_output\n    process = Popen(stdout=PIPE, *popenargs, **kwargs)\n  File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 394, in __init__\n    errread, errwrite)\n  File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 644, in _execute_child\n    startupinfo)\nWindowsError: [Error 193] %1 is not a valid Win32 application\n
02-20-2019 15:15:25.293 -0600 ERROR AdminManagerExternal - Unexpected error "<type 'exceptions.WindowsError'>" from python handler: "[Error 193] %1 is not a valid Win32 application".  See splunkd.log for more details.
02-20-2019 15:15:25.293 -0600 ERROR SetupAdminHandler - Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main
02-20-2019 15:39:19.407 -0600 ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Failed opening "C:\Program Files\Splunk\var\run\splunk\dispatch\SummaryDirector_1550698758.3\search.log": The process cannot access the file because it is being used by another process.
02-20-2019 16:00:00.009 -0600 INFO  ExecProcessor - setting reschedule_ms=3599991, for command=python "C:\Program Files\Splunk\etc\apps\splunk_instrumentation\bin\instrumentation.py"
02-20-2019 16:00:32.762 -0600 WARN  SetupAdminHandler - Cannot find field='process_pkcs12' in url='/encore/configure/main/' setting value to empty string
02-20-2019 16:00:41.359 -0600 WARN  SetupAdminHandler - Cannot find field='process_pkcs12' in url='/encore/configure/main/' setting value to empty string
02-20-2019 16:00:54.000 -0600 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 130, in init\n    hand.execute(info)\n  File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 595, in execute\n    if self.requestedAction == ACTION_EDIT:     self.handleEdit(confInfo)\n  File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 94, in handleEdit\n    self._configure()\n  File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 73, in _configure\n    output = subprocess.check_output( cmds, stderr = subprocess.STDOUT )\n  File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 216, in check_output\n    process = Popen(stdout=PIPE, *popenargs, **kwargs)\n  File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 394, in __init__\n    errread, errwrite)\n  File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 644, in _execute_child\n    startupinfo)\nWindowsError: [Error 193] %1 is not a valid Win32 application\n
02-20-2019 16:00:54.000 -0600 ERROR AdminManagerExternal - Unexpected error "<type 'exceptions.WindowsError'>" from python handler: "[Error 193] %1 is not a valid Win32 application".  See splunkd.log for more details.
02-20-2019 16:00:54.011 -0600 ERROR SetupAdminHandler - Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main

Can someone tell me what I'm missing/doing wrong?

gerald_contrera · ‎08-26-2019

Hi,

I am having the exact same issue, did you end up resolving this?

mattcosa · ‎05-20-2019

Hi there, did you ever resolve this?

Having the same issue.

Thanks.

lakshman239 · ‎02-22-2019

I assume you have processed the pkcs.cert file as per the documentation.

Can you reload the page again and go to $SPLUNK_HOME/etc/apps/TA-eStreamer/bin/encore and look for *.pid file, and dat files with your client ip. Also, look for estreamer.log for any errors?

gerald_contrera · ‎08-26-2019

Hi,
I cannot find any DAT or PID files in that directory?
There is also no estreamer.log file in the

eStreamer eNcore for Splunk - error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life

Introducing Splunk Enterprise 9.2