Encountered the following error while trying to update: Splunkd daemon is not responding: (u'Error connecting to /servicesNS/nobody/Splunk_CiscoSecuritySuite/apps/local/Splunk_CiscoSecuritySuite/setup: The read operation timed out',)
I got this error when trying to setup the Cisco Security Suite. I installed the two addons after the Cisco Security Suite and when I try to check the ISE and ASA boxes to add those dashboards it gives me the above error. I have tried reinstalling the app and both add-on's and I am still getting this error.
Might try to modify your $SPLUNK_HOME/etc/system/local/web.conf
* Number of seconds to wait before timing out when communicating with splunkd
* Must be at least 30
* Values smaller than 30 will be ignored, resulting in the use of the default value
* Defaults to 30
Have heard that you might have to go as high as 1200 to get it to work.
This issue is being addressed in a future release.
I'm having the same issue:
Just tried by increasing to 1200 and it still timed out after that period was up. I had one search head return successfully once with the defaults, but haven't been able to get back into it.
Do you happen to know at what point in the script it's having problems? What is happening behind the scenes that causes this problem?
We are having the team that developed the app take a look. Jwelch is correct in setting to 1200 works most of the time, but since 2 customers had the exact same issue, I am escalating.
While Security Suite may not be supported, we still care (jwelch is the global Tech Lead for ES products and I am the VP of Support).