All Apps and Add-ons

How do I fix this error during installing Cisco Security Suite.

dudenj
Engager

Encountered the following error while trying to update: Splunkd daemon is not responding: (u'Error connecting to /servicesNS/nobody/Splunk_CiscoSecuritySuite/apps/local/Splunk_CiscoSecuritySuite/setup: The read operation timed out',)

I got this error when trying to setup the Cisco Security Suite. I installed the two addons after the Cisco Security Suite and when I try to check the ISE and ASA boxes to add those dashboards it gives me the above error. I have tried reinstalling the app and both add-on's and I am still getting this error.

Tags (1)

Shack
Explorer

I'm experiencing the same issue. Was this ever resolved? If so, what was the solution?

Thank you.

0 Karma

coryhebert
New Member

Same issue here...not sure how to proceed.

0 Karma

chrisdavies76
New Member

Also having same issue with the Forescout App - anyone ever get anywhere with this?

0 Karma

jwelch_splunk
Splunk Employee
Splunk Employee

Might try to modify your $SPLUNK_HOME/etc/system/local/web.conf

splunkdConnectionTimeout =

* Number of seconds to wait before timing out when communicating with splunkd
* Must be at least 30
* Values smaller than 30 will be ignored, resulting in the use of the default value
* Defaults to 30

Have heard that you might have to go as high as 1200 to get it to work.

This issue is being addressed in a future release.

hortonew
Builder

I'm having the same issue:

Just tried by increasing to 1200 and it still timed out after that period was up. I had one search head return successfully once with the defaults, but haven't been able to get back into it.

Do you happen to know at what point in the script it's having problems? What is happening behind the scenes that causes this problem?

stmcmahon_splun
Splunk Employee
Splunk Employee

We are having the team that developed the app take a look. Jwelch is correct in setting to 1200 works most of the time, but since 2 customers had the exact same issue, I am escalating.

While Security Suite may not be supported, we still care (jwelch is the global Tech Lead for ES products and I am the VP of Support).

0 Karma

jeffriesa
Path Finder

We are experiencing the same issue. Changing the setting to 1200 does now work.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...