All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Cisco Security Suite Setup Failure

edwardrose
Contributor
‎04-25-2017 12:11 PM

Hello All

I have Splunk Enterprise 6.5.2 and Cisco Security Suite 3.1.2. I also have TAs for ASA, ESA and WSA installed. When I launch the Cisco Security Suite app it goes to the config page and when I click continue to app setup page I get an error.

404 Not Found

Return to Splunk home page
Page not found!
View more information about your request (request ID = 58ff9ebd527f7a53201490) in Search

This page was linked to from https://splk-srch-01.wv.mentorg.com:8000/en-US/app/Splunk_CiscoSecuritySuite/.

I do not see any other issues or errors. I have tried to follow the instructions from the following link but it fails as well.

https://answers.splunk.com/answers/12702/splunk-cisco-security-suite.html?utm_source=typeahead&utm_m...

Does anyone have any idea why it isn't working or how to fix it?

thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎04-25-2017 12:19 PM

Basically, the app is timing out because it does an initial data sweep prior to start configuration.

There are two options: increase timeout, or edit python to bypass the jobs that run against your data. If you are a very large environment, just do option two, edit the python. Option 1 will work if let it run long enough.

More details are over here: https://answers.splunk.com/answers/409761/why-am-i-getting-a-404-error-when-i-try-to-set-up.html.

Option 1

Edit: /opt/splunk/etc/system/local/web.conf

splunkdConnectionTimeout = 1400

Option 2

Edit: Splunk_CiscoSecuritySuite/bin/css_setup_handler.py

alter the lines looking like info['asa_count'] = 0 to= 1 instead where a feature should be installed.
REMOVE all lines that look like that are running search jobs.

Restart Splunk.

View solution in original post

Reply
Solved! Jump to solution

eidil
Explorer
‎04-16-2020 08:16 PM

You can edit the app.conf file. Search for the install stanza and change:

is_configured = true

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎04-25-2017 12:19 PM

Basically, the app is timing out because it does an initial data sweep prior to start configuration.

There are two options: increase timeout, or edit python to bypass the jobs that run against your data. If you are a very large environment, just do option two, edit the python. Option 1 will work if let it run long enough.

More details are over here: https://answers.splunk.com/answers/409761/why-am-i-getting-a-404-error-when-i-try-to-set-up.html.

Option 1

Edit: /opt/splunk/etc/system/local/web.conf

splunkdConnectionTimeout = 1400

Option 2

Edit: Splunk_CiscoSecuritySuite/bin/css_setup_handler.py

alter the lines looking like info['asa_count'] = 0 to= 1 instead where a feature should be installed.
REMOVE all lines that look like that are running search jobs.

Restart Splunk.

Reply
Solved! Jump to solution

nmiller_splunk
Splunk Employee
Splunk Employee
‎04-25-2017 12:36 PM

The need to increase the timeout is explicitly called out in the release notes Cisco Security Suite details here: https://splunkbase.splunk.com/app/525/#/details

Known Issues
===
3.1.2
- Package name still has "Splunk_" prefix. This is required if keeping same Splunkbase path yet this app is no longer Splunk supported
- splunkdConnectionTimeout may still need to be set artificially high on some systems for the setup experience

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...