Hello all -
I am in the process of evaluating Splunk (for Windows), and found the Cisco ASA and Pix Firewall add-on, but seem to be having a problem.
I am pretty sure I installed it correctly (unzipped to /program files/splunk/etc/apps).
When I try to open some of the dashboards, I get an error -
500 Internal Server Error TypeError: 'NoneType' object is unsubscriptable This page was linked to from http://splunktest:8000/en-US/app/SplunkforCiscoSecurity/rt_firewall.
I have the firewalls set to send syslogs to the Splunk test server, but is there something I might have missed?
Did you do the Splunk for Cisco Security app or the Splunk for Cisco PIX or both? I would suggest maybe a restart of your Splunk instance and see if that helps.
My understanding is that the Splunk for Cisco Security app does NOT support the PIX appliance, so you might be better off getting the Cisco Firewalls app (http://www.splunkbase.com/apps/All/4.x/app:Cisco+Firewalls) if you're getting logs from a PIX. This should help: http://answers.splunk.com/questions/3366/how-do-i-install-the-cisco-firewall-add-on
I would also check gkanapathy's suggestion on this entry: http://answers.splunk.com/questions/2029/what-does-the-typeerror-nonetype-object-is-unsubscriptable-...
As for the license issue, there does seem to be an issue when switching from the eval version to the free version. However, if you're still on eval, you shouldn't be getting a lot of errors. Try the suggestions from the link above, and make sure you restart the Splunk instance.
Let me ask another question related to this - is there a difference from the "evaluation" version and purchased? I am testing Splunk - we have not purchased it yet - so I don't know if that matters. I ask, because I get all kinds of those errors I posted above. TIA.
Also tried using Firefox - same issues.
I do have the UDP port open. I didn't open TCP as the firewall is set to send only UDP. I'll try that and see.
If you go to your Search app, do you see any data from your host(s)? If not, you might not be getting data into your server. I would check if you have both TCP and UDP ports for syslog open on the Splunk server. This is located on Manager, Data Inputs.
Did you restart the Splunk instance? It seems like that's necessary. Also, I would try browsing using Firefox or Safari. I've seen this error before but on IE. Not sure if it's a bug.
Thanks for the reply - I installed both - first having issues like above with the Security app, then installed the firewall app - both seem to get some data, but when I try to drill down, I start getting the errors.