I've just installed Cisco Security Suite (v 3.1.2) on Splunk (v 7.0.1).
When I launch the app, it takes me to the 'App configuration' screen. I click on the 'Continue to app setup page' button and I get this:
500 Internal Server Error View more information about your request (request ID = 5a54fe1e947fcd584de350) in Search
When I click on the 'View.....' link above, the search has no results.
I had the exact same issue today on Splunk 7.0.1. I did increase the search time as others have recommended, but what finally solved it seems to be just skipping the setup configuration page. I'm only monitoring Cisco ASA and IOS devices.
I followed the instructions in this thread and set my etc/apps/Splunk_CiscoSecuritySuite/local/app.conf for is_configured = true
This question was posted a little over a month ago. It would be best to post a brand new question to get maximum exposure and help for your problem. If the answers here weren't able to solve your problem, please post a new question.
Ohh!! Because in the app documentation they said:
- Package name still has "Splunk_" prefix. This is required if keeping same Splunkbase path yet this app is no longer Splunk supported
- splunkdConnectionTimeout may still need to be set artificially high on some systems for the setup experience
Could you also check the index=_internal logs to find the root cause?