I've just installed Cisco Security Suite (v 3.1.2) on Splunk (v 7.0.1).
When I launch the app, it takes me to the 'App configuration' screen. I click on the 'Continue to app setup page' button and I get this:
500 Internal Server Error View more information about your request (request ID = 5a54fe1e947fcd584de350) in Search
When I click on the 'View.....' link above, the search has no results.
I had the exact same issue today on splunk 7.0.1. I did increase the search time as others have recommended but what finally solved it seems to be is just skipping the setup configuration page. I'm only monitoring Cisco ASA and IOS devices
I followed the instructions in this thread. and set my etc/apps/Splunk_CiscoSecuriySuite/local/app.conf for is_configured = true
This question was posted a little over a month ago, it would be best to post a brand new question to get maximum exposure and help for your problem. If the answers here weren't able to solve your problem, please post a new question.
I am trying to submit my response as an answer to their problem. What would be the best way to do that. I had the same issue.
Thank you for answering! I just converted your comment into an answer.
Thanks! I appreciate it 🙂
Please refer below link:
Thanks for your reply p_gurav.
Unfortunately, this did not work for me.
Could you please check app permission in app manager?
Everyone has read permissions. Admin has write permissions.
ohh!! Because in app document they said:
- Package name still has "Splunk_" prefix. This is required if keeping same Splunkbase path yet this app is no longer Splunk supported
- splunkdConnectionTimeout may still need to be set artificially high on some systems for the setup experience
Could you also check in index=_internal logs to find root cause..
Also try Option 2 specified in this thread:
Also can you tell me what value you set for Timeout? Did You restart splunk service after that?
Timeout is 300. Splunk service was restarted.