Hi,
We were testing the playbook and are facing the following error when calling the Splunk Search function (using Splunk Integration for SOAR v1.1.1 app):
The playbook was terminated by the system due to a function error.
'Query [1658928363.475617] timed out. Final Status was [QUEUED]'
Traceback (most recent call last):
File "/opt/app-root/lib64/python3.9/site-packages/fn_splunk_integration/components/splunk_search.py", line 75, in _splunk_search_function
splunk_result = splunk_client.execute_query(query_string)
File "/opt/app-root/lib64/python3.9/site-packages/fn_splunk_integration/util/splunk_utils.py", line 114, in execute_query
raise IntegrationError("Query [{}] timed out. Final Status was [{}]".format(splunk_job.name, splunk_job["dispatchState"]))
resilient_lib.components.integration_errors.IntegrationError: 'Query [1658928363.475617] timed out. Final Status was [QUEUED]'
Starting 'splunk_search' that was running in workflow '8794'
Note that this error occurs when we turn on Splunk alerts (that generate multiple Resilient incidents). When testing the playbook by manually creating a single incident, this error does not appear. Any ideas how to resolve this issue?
------------------------------
Mark Aksen
------------------------------