All Apps and Add-ons

Why are there Javascript errors when setting up Splunk Security Essentials and Automated introspection?

gmccormack
Engager

I've been trying to set up Splunk Security Essentials but keep running into Javascript errors and other odd behaviour. When I run the Automated data introspection in "Step One: CIM Searches" I always get 42 completed searches and the remaining 22 searches complete but are never marked as completed (clicking the link to the search brings up the results I'd expect to see). In the browser Dev Tools Console it shows an error that window.updateOrMergeProducts is not a function and this seems to match up with the searches that are never marked as being completed.

I've also noticed that it's getting a 400 Bad Request when doing a POST request to __raw/servicesNS/<username>/Splunk_Security_Essentials/search/jobs. Checking these I can see that they are all for searches like | from datamodel:Identity_Management.All_Assets | head 300000| stats count and the error that comes from searching is that the data model doesn't exist. I'm unsure if this is because something went wrong with the installation or if it's because the inventorying hasn't been completed yet.

Unfortunately I also get errors when trying to configure the Data Inventory manually where I can't attach a product to 2 categories - e.g. successful authentications & failed authentications.

I've tried resetting several times without any progress.

I'm running Splunk Enterprise 8.2.5 and Splunk Security Essentials 3.5.0.

Has anyone come across this behaviour before?

Labels (2)
Tags (3)
0 Karma
1 Solution

peppi
Explorer

@gmccormack : Had weird behavior as well. Like you described plus the "add Product" button was not working. I ended up in downgrading to 3.4.0

The only thing I needed to tweak were the timeouts (auto_cancel, max_time) in file: Splunk_Security_Essentials\appserver\static\components\controls\data_inventory_introspection.js  to make sure the searches run until finished.

View solution in original post

Tags (1)
0 Karma

gmccormack
Engager

Thanks @peppi , that looks to have worked perfectly.

 

0 Karma

peppi
Explorer

@gmccormack : Had weird behavior as well. Like you described plus the "add Product" button was not working. I ended up in downgrading to 3.4.0

The only thing I needed to tweak were the timeouts (auto_cancel, max_time) in file: Splunk_Security_Essentials\appserver\static\components\controls\data_inventory_introspection.js  to make sure the searches run until finished.

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...