All Apps and Add-ons

After installing Cisco Security Suite, why am I getting "KeyError: 'elements'" during setup in a distributed search environment?

hoopydave
Path Finder

I've installed Cisco Security Suite 3.1.1 on my Splunk Enterprise search head and restarted Splunk.
When prompted to run the setup, I get an error message:

KeyError: 'elements'
View more information about your request (request ID = 55f6ece9d64122780) in Search

This page was linked to from http://mysplunkserver:8000/en-US/manager/appinstall/Splunk_CiscoSecuritySuite/checkstatus?state=eJx1....

We run a distributed search environment where the search head and indexer are different physical machines, if that matters.

0 Karma

pratik_507
Engager

Can you please let me know if you see any error in $SPLUNK_HOME/var/log/splunk/web_service.log or $SPLUNK_HOME/var/log/splunk/splunkd.log. Please send me the snippet of those error

0 Karma

hoopydave
Path Finder

Here is the message from web_service.log

2015-09-16 09:15:39,203 INFO    [55f97985764791710] _cplogging:55 - [16/Sep/2015:09:15:39] HTTP 
Request Headers:
  ACCEPT-ENCODING: gzip
  HOST: mysplunkserver:8000
  Remote-Addr: 127.0.0.1
  ACCEPT-LANGUAGE: en-US,en;q=0.5
  ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  USER-AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
  TE: chunked
  REMOTE-USER: admin
  X-SPLUNKD: hUiBwyxm3AE4gJBoBGgYsg== 5697549914204021642 lOs_g2^fM8g_HVPQfPb6okKJAd30lJ0^lhSDlCdy0^aNxW81brYmF8GgDIu1JbVjpwE96m978OzDvRnknKY_GCMdUgeWzlExcbr6b6S541A5mLeZvnTsFi1DfJ7ht8Yp2PA 0
  DNT: 1
  COOKIE: session_id_8000=83dc19cb677c7aaf8b399ed017c5b22f0b5fd364; splunkd_8000=lOs_g2^fM8g_HVPQfPb6okKJAd30lJ0^lhSDlCdy0^aNxW81brYmF8GgDIu1JbVjpwE96m978OzDvRnknKY_GCMdUgeWzlExcbr6b6S541A5mLeZvnTsFi1DfJ7ht8Yp2PA; splunkweb_csrf_token_8000=5697549914204021642
  REFERER: http://mysplunkserver:8000/en-US/app/Splunk_CiscoSecuritySuite/
2015-09-16 09:15:39,220 DEBUG   [55f97985764791710] _cplogging:55 - [16/Sep/2015:09:15:39] HTTP Traceback (most recent call last):
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\cherrypy\_cprequest.py", line 606, in respond
    cherrypy.response.body = self.handler()
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\cherrypy\_cpdispatch.py", line 25, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\routes.py", line 366, in default
    return route.target(self, **kw)
  File "", line 1, in 
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 38, in rundecs
    return fn(*a, **kw)
  File "", line 1, in 
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 117, in check
    return fn(self, *a, **kw)
  File "", line 1, in 
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 166, in validate_ip
    return fn(self, *a, **kw)
  File "", line 1, in 
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 334, in preform_sso_check
    return fn(self, *a, **kw)
  File "", line 1, in 
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 386, in check_login
    return fn(self, *a, **kw)
  File "", line 1, in 
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 406, in handle_exceptions
    return fn(self, *a, **kw)
  File "", line 1, in 
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\lib\decorators.py", line 461, in apply_cache_headers
    response = fn(self, *a, **kw)
  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\appserver\mrsparkle\controllers\admin.py", line 1620, in listEntities
    self.flattenElements(uiHelper['elements'], uiHelper_elements)
KeyError: 'elements'
0 Karma

hoopydave
Path Finder

Here is from splunkd.log:

09-16-2015 09:15:38.908 -0500 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 70, in init\n    hand.execute(info)\n  File "D:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 527, in execute\n    if self.requestedAction == ACTION_LIST:     self.handleList(confInfo)\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\css_setup_handler.py", line 72, in handleList\n    job = jobs.oneshot('search sourcetype=cisco:asa OR sourcetype=cisco:fwsm OR sourcetype=cisco:pix | head 1 | stats count')\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\client.py", line 2992, in oneshot\n    **params).body\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\client.py", line 764, in post\n    return self.service.post(path, owner=owner, app=app, sharing=sharing, **query)\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 240, in wrapper\n    return request_fun(self, *args, **kwargs)\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 62, in new_f\n    val = f(*args, **kwargs)\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 658, in post\n    response = self.http.post(path, all_headers, **query)\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 1090, in post\n    return self.request(url, message)\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 1107, in request\n    response = self.handler(url, message, **kwargs)\n  File "D:\Program Files\Splunk\etc\apps\Splunk_CiscoSecuritySuite\bin\splunklib\binding.py", line 1225, in request\n    connection.request(method, path, body, head)\n  File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 995, in request\n    self._send_request(method, url, body, headers)\n  File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 1029, in _send_request\n    self.endheaders(body)\n  File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 991, in endheaders\n    self._send_output(message_body)\n  File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 844, in _send_output\n    self.send(msg)\n  File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 806, in send\n    self.connect()\n  File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 1194, in connect\n    self.timeout, self.source_address)\n  File "D:\Program Files\Splunk\Python-2.7\Lib\socket.py", line 571, in create_connection\n    raise err\nerror: [Errno 10061] No connection could be made because the target machine actively refused it\n
09-16-2015 09:15:38.908 -0500 ERROR AdminManagerExternal - Unexpected error "" from python handler: "[Errno 10061] No connection could be made because the target machine actively refused it".  See splunkd.log for more details.
09-16-2015 09:15:38.908 -0500 ERROR SetupAdminHandler - Error while fetching url=/servicesNS/nobody/Splunk_CiscoSecuritySuite/css_setup/css_setup_endpoint/default/?_strict=true;search=%20eai%3Aacl.app%3D%22%22%20OR%20eai%3Aacl.app%3D%22Splunk_CiscoSecuritySuite%22
0 Karma

Simeon
Splunk Employee
Splunk Employee

The Setup is built to confirm if you have valid items for running the app itself. Getting an error here would imply that the check didn't run successfully, or possibly that you are on an version that doesn't support the app.

What version splunk are you running?

0 Karma

hoopydave
Path Finder

Thanks for the response. We are running Splunk Version 6.2.0, Splunk Build 237341

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...