If the eStreamer server is still sending logs to $SPLUNK_HOME/etc/apps/eStreamer/log and you can see them there, it would appear to be some sort of an issue with the Splunk inputs that is causing the problem, not eStreamer specifically.
Since this is a recurring issue, try putting the Splunk logs in debug for the associated process on the HWF:
1) Go to $SPLUNK_HOME/etc/
2) Make a backup copy of the log.cfg file
3) Edit the log.cfg file and change the following lines from INFO:
category.TailingProcessor=DEBUG
category.WatchedFile=DEBUG
category.TailReader=DEBUG
It is also possible for there to be issues with other devices sending data to the same port that is being used to receive the eStreamer logs, so check the inputs on the HWF and verify that this is not happening.
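Steps 1 to 3 above as a shell function, added here as an example and not part of the original post. The function name `enable_tail_debug` and the `.bak` backup suffix are assumptions, and the demo runs on a constructed sample file rather than a real log.cfg.

```shell
#!/bin/sh
# Back up log.cfg, then raise the three file-monitoring categories named in
# the post from INFO to DEBUG. Prints one status line per category and
# returns 1 if any category has no INFO/DEBUG line at all.
enable_tail_debug() {
    cfg=$1
    [ -f "$cfg" ] || { echo "not found: $cfg" >&2; return 2; }
    # Step 2: keep the first backup so a second run cannot overwrite the
    # original INFO settings with an already-modified file.
    [ -e "$cfg.bak" ] || cp -p "$cfg" "$cfg.bak" || return 2
    missing=0
    for name in TailingProcessor WatchedFile TailReader; do
        if grep -q "^category\.$name=DEBUG" "$cfg"; then
            echo "$name: already DEBUG"
        elif grep -q "^category\.$name=INFO" "$cfg"; then
            # Step 3: change only this category; writing back through cat
            # keeps the original file's owner and permissions.
            sed "s/^category\.$name=INFO/category.$name=DEBUG/" "$cfg" > "$cfg.tmp" \
                && cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
            echo "$name: INFO -> DEBUG"
        else
            echo "$name: no INFO or DEBUG line found" >&2
            missing=1
        fi
    done
    return $missing
}

# Demo on a constructed sample (not a real Splunk log.cfg).
demo=$(mktemp -d)
printf '%s\n' 'rootCategory=WARN,A1' \
    'category.TailingProcessor=INFO' \
    'category.WatchedFile=INFO' \
    'category.TailReader=INFO' > "$demo/log.cfg"
enable_tail_debug "$demo/log.cfg"
# On the HWF the call would be: enable_tail_debug "$SPLUNK_HOME/etc/log.cfg"
```

Splunk reads log.cfg at startup, so the new levels take effect after a restart; copy the `.bak` file back once the debug logs have been collected.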