EDIT: For Elastic Python (v6)

This project has been archived on GitHub, so you are quite unlikely to get support from the creator. Looking through the code, there is no timeout argument for the `ess` command, so there is not a lot you can do on the Splunk side.

If you're happy to have a go at editing the code, then the `Elasticsearch.search` method in the Elastic Python SDK (v6) takes a `timeout` argument. Have a go at adding it under line 266 in `./elasticsplunk/bin/elasticsplunk.py`:

```python
res = esclient.search(index=config[KEY_CONFIG_INDEX],
                      size=config[KEY_CONFIG_LIMIT],
                      _source_include=config[KEY_CONFIG_FIELDS],
                      doc_type=config[KEY_CONFIG_SOURCE_TYPE],
                      body=body)
```

Add the `timeout` argument as follows (don't forget the comma at the end of the `body` line):

```python
res = esclient.search(index=config[KEY_CONFIG_INDEX],
                      size=config[KEY_CONFIG_LIMIT],
                      _source_include=config[KEY_CONFIG_FIELDS],
                      doc_type=config[KEY_CONFIG_SOURCE_TYPE],
                      body=body,
                      timeout=600)
```

FYI, I haven't tested this because I don't have Elastic, but looking through the code, I think this will work. There are also some Elastic add-ons on Splunkbase that might be worth checking out to see if they're actively supported.