All Apps and Add-ons

Cisco Security Suite - cannot configure

pil321
Communicator

I've just installed Cisco Security Suite (v 3.1.2) on Splunk (v 7.0.1).

When I launch the app, it takes me to the 'App configuration' screen. I click on the 'Continue to app setup page' button and I get this:

500 Internal Server Error

View more information about your request (request ID = 5a54fe1e947fcd584de350) in Search

When I click on the 'View.....' link above, the search has no results.

Any ideas?

mwisniewski9
Explorer

Hello,

I had the exact same issue today on splunk 7.0.1. I did increase the search time as others have recommended but what finally solved it seems to be is just skipping the setup configuration page. I'm only monitoring Cisco ASA and IOS devices

I followed the instructions in this thread. and set my etc/apps/Splunk_CiscoSecuriySuite/local/app.conf for is_configured = true
https://answers.splunk.com/answers/12702/splunk-cisco-security-suite.html

0 Karma

Anam
Community Manager
Community Manager

Hello mwisniewski9

This question was posted a little over a month ago, it would be best to post a brand new question to get maximum exposure and help for your problem. If the answers here weren't able to solve your problem, please post a new question.

Thanks

0 Karma

mwisniewski9
Explorer

I am trying to submit my response as an answer to their problem. What would be the best way to do that. I had the same issue.

0 Karma

Anam
Community Manager
Community Manager

Hi mwisniewski9

Thank you for answering! I just converted your comment into an answer.

0 Karma

mwisniewski9
Explorer

Thanks! I appreciate it 🙂

0 Karma

p_gurav
Champion

pil321
Communicator

Thanks for your reply p_gurav.

Unfortunately, this did not work for me.

0 Karma

p_gurav
Champion

Could you please check app permission in app manager?

0 Karma

pil321
Communicator

Everyone has read permissions. Admin has write permissions.

0 Karma

p_gurav
Champion

ohh!! Because in app document they said:

Known Issues

3.1.2
- Package name still has "Splunk_" prefix. This is required if keeping same Splunkbase path yet this app is no longer Splunk supported
- splunkdConnectionTimeout may still need to be set artificially high on some systems for the setup experience

Could you also check in index=_internal logs to find root cause..

0 Karma

p_gurav
Champion
0 Karma

p_gurav
Champion

Also can you tell me what value you set for Timeout? Did You restart splunk service after that?

0 Karma

pil321
Communicator

Timeout is 300. Splunk service was restarted.

0 Karma
Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...