All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for Cisco Identity Services (ISE): Why am I getting error "Splunkd daemon is not responding...The read operation timed out" trying to set up the app?

scottmwa
Explorer
‎06-15-2015 05:57 AM

When trying to set up this app, I get the following error:

Splunk could not perform action for resource apps/local/Splunk_TA_cisco-ise Splunkd daemon is not responding: ('Error connecting to /servicesNS/sorr/Splunk_TA_cisco-ise/apps/local/Splunk_TA_cisco-ise/setup: The read operation timed out',)
There was an error retrieving the configuration, can not process this page.

Splunk is running, and searching. It is on Server 2012. I do also have the Cisco ISE app (Splunk_CiscoISE) app installed, but it is currently disabled.

This is on a completely fresh Splunk install with only two other sources set up for the Cisco Security suite - TA Cisco ASA and TA Cisco IPS. Any help in how to find what is causing this error would be appreciated!

Reply
1 Solution
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎08-15-2016 09:59 AM

What version of Splunk are you using? There is a known issue (ADDON-2610/SPL-91709) for 6.3 and below for setting up this add-on in Windows environments -> http://docs.splunk.com/Documentation/AddOns/released/CiscoISE/Releasenotes

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎08-15-2016 09:59 AM

What version of Splunk are you using? There is a known issue (ADDON-2610/SPL-91709) for 6.3 and below for setting up this add-on in Windows environments -> http://docs.splunk.com/Documentation/AddOns/released/CiscoISE/Releasenotes

0 Karma
Reply
Solved! Jump to solution

LarsN
Explorer
‎08-15-2016 06:58 AM

Also running Server 2012
The Splunkd.log says about this incident:

08-15-2016 15:14:46.166 +0200 WARN  SetupAdminHandler - Cannot find field='ise.host' in url='/splunktaciscoise/workflow_sidecar/pxGrid_QuarantineByIP/' setting value to empty string
08-15-2016 15:14:46.166 +0200 WARN  HttpListener - Socket error from 127.0.0.1 while accessing /servicesNS/admin/Splunk_TA_cisco-ise/apps/local/Splunk_TA_cisco-ise/setup: Winsock error 10053
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...