Re: After Install question

rgeddes · ‎04-19-2011

ubuntu 10.04 server, linux 2.6.32, splunk 4.2., graphviz 2.20.2, afterglow 1.6

Installed Afterglow Graphing according to the README file, restarted splunk, inserted the suggested search

(index=* linecount=1 | fields + source host sourcetype | head 1000)

but no graph was created, just "1000 matching events".

What am I missing to get the graphs to display?

usethesource · ‎04-02-2012

I have fixed the issue, at least on my system.

The problem was the graphviz packages from Red Hat do not include gif rendering. I updated to the package from the graphviz repository and now everything works.

I also found that Text:CSV wasn't installed, but installing that had no effect.

raffy · ‎04-01-2012

One more thing...

Make sure you have Text::CSV installed on your machine. This seems to be the most common problem.

On Ubuntu:

sudo apt-get install libtext-csv-perl

g3s1oa · ‎03-15-2012

Hi Raffy -

I gave that a shot and it didn't seem to have an effect. Same error:

2012-03-15 15:41:26,112 ERROR [4f626206051e57890] module:56 - [Errno 2] No such file or directory: u'/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow/../../static/afterglow1331847685.2.map'
Traceback (most recent call last):
File "/opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/controllers/module.py", line 54, in renderModule
pageContent = instance.generateResults(**args)
File "/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow/AfterGlow.py", line 87, in generateResults
fileDesc = open(os.path.join(TARGETDIR,mapName),'r')
IOError: [Errno 2] No such file or directory: u'/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow/../../static/afterglow1331847685.2.map'

My afterglow.py config:

AFTERGLOWLOCATION = "/opt/splunk/afterglow/src/perl/graph"
AFTERGLOWPARAMETERS = "-c /opt/splunk/afterglow/src/perl/graph/sample.properties -e 1.2"

if maxNumberOfFields==2:
localCommand += " -t"

        try:
            output = os.popen(localCommand + " | /usr/bin/neato -Tgif -o " + os.path.join(TARGETDIR,imageName) + " -Tcmapx -o " + os.path.join(TARGETDIR, mapName),"w")
        except ImportError:
            raise Exception('AfterGlow.generateResults - AfterGlow could not be executed!')

        output.write(outStr)
        output.close()

root@ubuntu-server:/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow# which neato
/usr/bin/neato
root@ubuntu-server:/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow#

raffy · ‎03-15-2012

Latest update on this. Try adding the full path for the 'neato' binary! I have seen it not work because neato was not in the path. Here is what to change:

AfterGlow.py:78

output = os.popen(localCommand + " | /usr/local/bin/neato -Tgif -o " + os.path.join(TARGETDIR,imageName) + " -Tcmapx -o " + os.path.join(TARGETDIR, mapName),"w")

Make sure that the path you are adding for neato is actually correct (run 'which neato' to find where it lives). This should fix the problem.

usethesource · ‎03-29-2012

Raffy,

I've given this a try. I still get the same error message as before.

g3s1oa · ‎03-15-2012

Hey guys -

I'm attempting to run AfterGlow in 4.3 --- Receiving an error when I run "index=* linecount=1 | fields + source host sourcetype | head 100"

Says "[AfterGlow module] [Errno 2] No such file or directory: u'/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow/../../static/afterglow1331836869.5.map'"

Is this a known error or did I screw something up in the config?

Thanks.

Update::: Tried it in 4.2.5 and got the same error - here's the error in var/log/web_services.log

2012-03-15 13:20:15,686 ERROR [4f6240efa234f8890] module:56 - [Errno 2] No such file or directory: u'/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow/../../static/afterglow1331839215.6.map'
Traceback (most recent call last):
File "/opt/splunk/lib/python2.6/site-packages/splunk/appserver/mrsparkle/controllers/module.py", line 54, in renderModule
pageContent = instance.generateResults(**args)
File "/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow/AfterGlow.py", line 87, in generateResults
fileDesc = open(os.path.join(TARGETDIR,mapName),'r')
IOError: [Errno 2] No such file or directory: u'/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow/../../static/afterglow1331839215.6.map'

raffy · ‎01-05-2012

The AfterGlow application had to be updated to work with Splunk 4.2.x. There is a new release as of January 5th 2012 (version 1.6.2) which works with Splunk 4.2.x!

Please DOWNLOAD THE NEW RELEASE!

Also do not read the instructions in the Splunk blog entry about how to make the application work. Read the README file that comes with the app and is places in $SPLUNK_HOME/etc/apps/afterglow/README. You basically have to change two parameters in the AfterGlow.py file (AFTERGLOWLOCATION and AFTERGLOWPARAMETERS) to make things work.

See you on http://secviz.org!

netwrkr · ‎04-19-2011

It doesn't work in v4.

http://splunk-base.splunk.com/answers/9243/afterglow-not-working

sideview · ‎04-19-2011

It actually worked in 4.0.X, but 4.1 introduced some changes that broke it. Raffy and I are working on how I can fix it for him. Stay tuned.

After Install question

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?