All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for Cisco Identity Services (ISE): Why am I getting error "Splunkd daemon is not responding...The read operation timed out" trying to set up the app?

scottmwa
Explorer
‎06-15-2015 05:57 AM

When trying to set up this app, I get the following error:

Splunk could not perform action for resource apps/local/Splunk_TA_cisco-ise Splunkd daemon is not responding: ('Error connecting to /servicesNS/sorr/Splunk_TA_cisco-ise/apps/local/Splunk_TA_cisco-ise/setup: The read operation timed out',)
There was an error retrieving the configuration, can not process this page.

Splunk is running, and searching. It is on Server 2012. I do also have the Cisco ISE app (Splunk_CiscoISE) app installed, but it is currently disabled.

This is on a completely fresh Splunk install with only two other sources set up for the Cisco Security suite - TA Cisco ASA and TA Cisco IPS. Any help in how to find what is causing this error would be appreciated!

Reply
1 Solution
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎08-15-2016 09:59 AM

What version of Splunk are you using? There is a known issue (ADDON-2610/SPL-91709) for 6.3 and below for setting up this add-on in Windows environments -> http://docs.splunk.com/Documentation/AddOns/released/CiscoISE/Releasenotes

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎08-15-2016 09:59 AM

What version of Splunk are you using? There is a known issue (ADDON-2610/SPL-91709) for 6.3 and below for setting up this add-on in Windows environments -> http://docs.splunk.com/Documentation/AddOns/released/CiscoISE/Releasenotes

0 Karma
Reply
Solved! Jump to solution

LarsN
Explorer
‎08-15-2016 06:58 AM

Also running Server 2012
The Splunkd.log says about this incident:

08-15-2016 15:14:46.166 +0200 WARN  SetupAdminHandler - Cannot find field='ise.host' in url='/splunktaciscoise/workflow_sidecar/pxGrid_QuarantineByIP/' setting value to empty string
08-15-2016 15:14:46.166 +0200 WARN  HttpListener - Socket error from 127.0.0.1 while accessing /servicesNS/admin/Splunk_TA_cisco-ise/apps/local/Splunk_TA_cisco-ise/setup: Winsock error 10053
0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...