I've installed Cisco Security Suite 3.1.1 on my Splunk Enterprise search head and restarted Splunk.
When prompted to run the setup, I get an error message:
KeyError: 'elements'
View more information about your request (request ID = 55f6ece9d64122780) in Search
This page was linked to from http://mysplunkserver:8000/en-US/manager/appinstall/Splunk_CiscoSecuritySuite/checkstatus?state=eJx1....
We run a distributed search environment where the search head and indexer are different physical machines, if that matters.
Can you please let me know if you see any errors in $SPLUNK_HOME/var/log/splunk/web_service.log or $SPLUNK_HOME/var/log/splunk/splunkd.log? Please send me a snippet of those errors.
Here is the message from web_service.log
2015-09-16 09:15:39,203 INFO [55f97985764791710] _cplogging:55 - [16/Sep/2015:09:15:39] HTTP
Request Headers:
ACCEPT-ENCODING: gzip
HOST: mysplunkserver:8000
Remote-Addr: 127.0.0.1
ACCEPT-LANGUAGE: en-US,en;q=0.5
ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
USER-AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
TE: chunked
REMOTE-USER: admin
X-SPLUNKD: hUiBwyxm3AE4gJBoBGgYsg== 5697549914204021642 lOs_g2^fM8g_HVPQfPb6okKJAd30lJ0^lhSDlCdy0^aNxW81brYmF8GgDIu1JbVjpwE96m978OzDvRnknKY_GCMdUgeWzlExcbr6b6S541A5mLeZvnTsFi1DfJ7ht8Yp2PA 0
DNT: 1
COOKIE: session_id_8000=83dc19cb677c7aaf8b399ed017c5b22f0b5fd364; splunkd_8000=lOs_g2^fM8g_HVPQfPb6okKJAd30lJ0^lhSDlCdy0^aNxW81brYmF8GgDIu1JbVjpwE96m978OzDvRnknKY_GCMdUgeWzlExcbr6b6S541A5mLeZvnTsFi1DfJ7ht8Yp2PA; splunkweb_csrf_token_8000=5697549914204021642
REFERER: http://mysplunkserver:8000/en-US/app/Splunk_CiscoSecuritySuite/
2015-09-16 09:15:39,220 DEBUG [55f97985764791710] _cplogging:55 - [16/Sep/2015:09:15:39] HTTP Traceback (most recent call last):
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\cherrypy\_cprequest.py", line 606, in respond
cherrypy.response.body = self.handler()
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\cherrypy\_cpdispatch.py", line 25, in __call__
return self.callable(*self.args, **self.kwargs)
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\routes.py", line 366, in default
return route.target(self, **kw)
File "", line 1, in
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 38, in rundecs
return fn(*a, **kw)
File "", line 1, in
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 117, in check
return fn(self, *a, **kw)
File "", line 1, in
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 166, in validate_ip
return fn(self, *a, **kw)
File "", line 1, in
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 334, in preform_sso_check
return fn(self, *a, **kw)
File "", line 1, in
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 386, in check_login
return fn(self, *a, **kw)
File "", line 1, in
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 406, in handle_exceptions
return fn(self, *a, **kw)
File "", line 1, in
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 461, in apply_cache_headers
response = fn(self, *a, **kw)
File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\controllers\admin.py", line 1620, in listEntities
self.flattenElements(uiHelper['elements'], uiHelper_elements)
KeyError: 'elements'
Here is the output from splunkd.log:
09-16-2015 09:15:38.908 -0500 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 70, in init\n hand.execute(info)\n File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 527, in execute\n if self.requestedAction == ACTION_LIST: self.handleList(confInfo)\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\css_setup_handler.py", line 72, in handleList\n job = jobs.oneshot('search sourcetype=cisco:asa OR sourcetype=cisco:fwsm OR sourcetype=cisco:pix | head 1 | stats count')\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\client.py", line 2992, in oneshot\n **params).body\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\client.py", line 764, in post\n return self.service.post(path, owner=owner, app=app, sharing=sharing, **query)\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 240, in wrapper\n return request_fun(self, *args, **kwargs)\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 62, in new_f\n val = f(*args, **kwargs)\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 658, in post\n response = self.http.post(path, all_headers, **query)\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 1090, in post\n return self.request(url, message)\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 1107, in request\n response = self.handler(url, message, **kwargs)\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 1225, in request\n connection.request(method, path, body, head)\n File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 995, in 
request\n self._send_request(method, url, body, headers)\n File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 1029, in _send_request\n self.endheaders(body)\n File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 991, in endheaders\n self._send_output(message_body)\n File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 844, in _send_output\n self.send(msg)\n File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 806, in send\n self.connect()\n File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 1194, in connect\n self.timeout, self.source_address)\n File "D:\Program Files\Splunk\Python-2.7\Lib\socket.py", line 571, in create_connection\n raise err\nerror: [Errno 10061] No connection could be made because the target machine actively refused it\n
09-16-2015 09:15:38.908 -0500 ERROR AdminManagerExternal - Unexpected error "" from python handler: "[Errno 10061] No connection could be made because the target machine actively refused it". See splunkd.log for more details.
09-16-2015 09:15:38.908 -0500 ERROR SetupAdminHandler - Error while fetching url=/servicesNS/nobody/Splunk_CiscoSecuritySuite/css_setup/css_setup_endpoint/default/?_strict=true;search=%20eai%3Aacl.app%3D%22%22%20OR%20eai%3Aacl.app%3D%22Splunk_CiscoSecuritySuite%22
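Added example, not part of the original thread and not code from Splunk or the app: splunkd.log stores the handler's Python traceback on one line with literal `\n` sequences, which makes the originating app frame and the final exception hard to spot. The sketch below pulls both out of such an entry; `summarize`, `HEADER`, `FRAME` and the abridged `SAMPLE` line (modelled on the entry above) are names and data constructed for this illustration.

```python
import ntpath
import re

# Constructed sample: the AdminManagerExternal entry above with most frames removed.
SAMPLE = (
    r'09-16-2015 09:15:38.908 -0500 ERROR AdminManagerExternal - Stack trace from python handler:'
    r'\nTraceback (most recent call last):'
    r'\n File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 527, in execute'
    r'\n if self.requestedAction == ACTION_LIST: self.handleList(confInfo)'
    r'\n File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\css_setup_handler.py", line 72, in handleList'
    r"\n job = jobs.oneshot('search sourcetype=cisco:asa OR sourcetype=cisco:fwsm OR sourcetype=cisco:pix | head 1 | stats count')"
    r'\n File "D:\Program Files\Splunk\Python-2.7\Lib\socket.py", line 571, in create_connection'
    r'\n raise err'
    r'\nerror: [Errno 10061] No connection could be made because the target machine actively refused it\n'
)

HEADER = re.compile(r'^(?P<ts>\S+ \S+ \S+) (?P<level>\w+)\s+(?P<component>\w+) - ')
# Match frames on the raw text: unescaping first would corrupt any Windows
# path component that happens to begin with "n" (e.g. ...\new\...).
FRAME = re.compile(r'File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\w+)')


def summarize(entry, app_marker=r'\etc\apps'):
    """Return the first app-owned frame and the final exception, or None."""
    head = HEADER.match(entry)
    frames = list(FRAME.finditer(entry))
    if head is None or not frames:
        return None  # not a traceback entry
    # Everything after the last frame is "<source line>\n<exception>\n".
    tail = entry[frames[-1].end():]
    parts = [p.strip() for p in tail.split('\\n') if p.strip()]
    exception = parts[-1] if parts else ''
    app_frames = [f for f in frames if app_marker in f['path']]
    origin = app_frames[0] if app_frames else frames[0]
    errno = re.search(r'\[Errno (\d+)\]', exception)
    return {
        'timestamp': head['ts'],
        'component': head['component'],
        'app_file': ntpath.basename(origin['path']),
        'app_line': int(origin['line']),
        'app_func': origin['func'],
        'exception': exception,
        'errno': int(errno.group(1)) if errno else None,
    }


if __name__ == '__main__':
    for key, value in summarize(SAMPLE).items():
        print('%-10s %s' % (key, value))
```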
The Setup is built to confirm whether you have valid items for running the app itself. Getting an error here would imply that the check didn't run successfully, or possibly that you are on a version that doesn't support the app.
What version of Splunk are you running?
Thanks for the response. We are running Splunk Version 6.2.0, Splunk Build 237341