This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About deven.amode
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About deven.amode
10-27-2022
5Posts
1Like
0Solutions
Oct 27, 2022Last Visited
User
Activity
User
Profile
Latest posts by deven.amode
| Subject | Views | Posted |
|---|---|---|
| 2744 | 10-26-2022 06:35 AM | |
| 2748 | 10-26-2022 06:09 AM | |
| 3277 | 10-26-2022 05:54 AM | |
| 3283 | 10-26-2022 05:43 AM | |
| 3658 | 10-26-2022 03:00 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-26-2022 05:54 AM |
User Badges
Community Statistics
| Member Since | 08-31-2022 06:07 PM |
| Date Last Visited | 10-27-2022 12:28 AM |
| Posts | 5 |
| Total Likes Received | 1 |
10-26-2022
06:35 AM
This is what I got which indicates its set to 15 minutes and the Splunk search took 12 mins.
2022-10-26 13:21:25.5782 debug Waiting for runner request for unnested script [SplunkPy_AWS_ES_SplunkPy_splunk-search], with script timeout [15m0s] (source: /builds/GOPATH/src/code.pan.run/xsoar/server/services/automation/dockercoderunner.go:417)
Any ideas why still the automation might have failed ?
... View more
10-26-2022
06:09 AM
@tyler_bailey unfortunately, it still didn't work. after applying the setting SplunkPy. splunk-search.timeout to 15 and saving the config, I attempted to re-run the automation but got the same result.
Do I need to restart the XSOAR instance or do anything else to make it work ?
Can you please share more troubleshooting steps ?
... View more
10-26-2022
05:54 AM
1 Kudo
Thanks @tyler_bailey for clarifying that. I have applied that config and testing now. Will let you know how it goes.
... View more
10-26-2022
05:43 AM
Thanks for your reply @tyler_bailey
so as an example should the parameter be this assuming the integration name is SplunkPy_ABC and value 15?
SplunkPy_ABC.splunk-search.timeout
... View more
10-26-2022
03:00 AM
We have a playbook task that sends a query to run on Splunk using the SplunkPy but it keeps failing and returning the following error #22: Splunk Search Query
Command: !splunk-search query="index= test blah blah" earliest_time="1666679348" latest_time="1666852148" batch_limit="25000" update_context="true" interval_in_seconds="30" Reason Error from SplunkPy is : Script failed to run: Timeout Error: Docker code script failed due to timeout, consider changing timeout value for this automation, (2604) (2603)
I checked the corresponding query on Splunk's end and noticed it took 11 minutes to run. Following that I lookedup the https://xsoar.pan.dev/docs/reference/integrations/splunk-py doc page to find out timeout setting on the Splunk instance in XSOAR and the only one I could find was the enrichment timeout, the default for which was 5 minutes. So after changed the setting to 15minutes, the task splunk-search(SplunkPy) still kept failing due to timeout. I am suspecting I am probably changing timeout setting at the wrong place. Since the suggestion in the error message is to change timeout on automation I checked the automation splunk-search(SplunkPy) but couldn't find the timeout setting.
Can someone please assist with this ? Thanks!
... View more
- Tags:
- SplunkPy
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks