All Apps and Add-ons

How do I fix this error during installing Cisco Security Suite.

dudenj
Engager

Encountered the following error while trying to update: Splunkd daemon is not responding: (u'Error connecting to /servicesNS/nobody/Splunk_CiscoSecuritySuite/apps/local/Splunk_CiscoSecuritySuite/setup: The read operation timed out',)

I got this error when trying to setup the Cisco Security Suite. I installed the two addons after the Cisco Security Suite and when I try to check the ISE and ASA boxes to add those dashboards it gives me the above error. I have tried reinstalling the app and both add-on's and I am still getting this error.

Tags (1)

Shack
Explorer

I'm experiencing the same issue. Was this ever resolved? If so, what was the solution?

Thank you.

0 Karma

coryhebert
New Member

Same issue here...not sure how to proceed.

0 Karma

chrisdavies76
New Member

Also having same issue with the Forescout App - anyone ever get anywhere with this?

0 Karma

jwelch_splunk
Splunk Employee
Splunk Employee

Might try to modify your $SPLUNK_HOME/etc/system/local/web.conf

splunkdConnectionTimeout =

* Number of seconds to wait before timing out when communicating with splunkd
* Must be at least 30
* Values smaller than 30 will be ignored, resulting in the use of the default value
* Defaults to 30

Have heard that you might have to go as high as 1200 to get it to work.

This issue is being addressed in a future release.

hortonew
Builder

I'm having the same issue:

Just tried by increasing to 1200 and it still timed out after that period was up. I had one search head return successfully once with the defaults, but haven't been able to get back into it.

Do you happen to know at what point in the script it's having problems? What is happening behind the scenes that causes this problem?

stmcmahon_splun
Splunk Employee
Splunk Employee

We are having the team that developed the app take a look. Jwelch is correct in setting to 1200 works most of the time, but since 2 customers had the exact same issue, I am escalating.

While Security Suite may not be supported, we still care (jwelch is the global Tech Lead for ES products and I am the VP of Support).

0 Karma

jeffriesa
Path Finder

We are experiencing the same issue. Changing the setting to 1200 does now work.

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...