All Apps and Add-ons

AfterGlow app not working

responsys_cm
Builder

I'm having trouble getting the AfterGlow app working on Centos 5.6 and Splunk 4.3.2, build 123586.

I followed the instructions here to setup the yum repository for GraphViz:

http://www.graphviz.org/Download_linux_rhel.php

I ran:

yum install webdot gts gtkglext gtkglarea2 graphviz

I downloaded AfterGlow 1.6.2 and extracted it to /opt/afterglow

I modified the following lines on the AfterGlow.py script:

AFTERGLOWLOCATION = "/opt/afterglow/src/perl/graph/"
AFTERGLOWPARAMETERS = "-c /opt/afterglow/src/perl/graph/sample.properties -e 1.2"
(tried both of these)
TARGETDIR = os.path.join(os.path.dirname(os.path.abspath(file)),"..","..","static")
TARGETDIR = "/opt/splunk/etc/apps/afterglow/appserver/static/"

Both TARGETDIR settings yield the same result.

Running a search and piping it to | fields A B C gives me:

[AfterGlow module] [Errno 2] No such file or directory: u'/opt/splunk/etc/apps/afterglow/appserver/static/afterglow1341548834.142.map'

I don't know python well enough to figure out how that "u" is being inserted in front of the file path.

Has anyone got this working?

Craig

0 Karma

responsys_cm
Builder

This is what worked for me:

Download AfterGlow:
http://sourceforge.net/projects/afterglow/files/AfterGlow%201.x/1.6.2/

Download perl-text-csv:
http://pkgs.repoforge.org/perl-Text-CSV/

Graphviz Installation:
Create a yum repository for it following the instructions at the top of the download URL
yum install webdot gts gtkglext gtkglarea2 graphviz
rpm -ivh perl-Text-CSV-0.01-1.2.el5.rf.noarch.rpm

Edit the following to reflect the afterglow paths you use:

/opt/splunk/etc/apps/afterglow/appserver/modules/AfterGlow/AfterGlow.py

AFTERGLOWLOCATION = "/opt/afterglow/src/perl/graph/"

AFTERGLOWPARAMETERS = "-c /opt/afterglow/src/perl/graph/sample.properties -e 1.2"

TARGETDIR = "/opt/splunk/etc/apps/afterglow/appserver/static/"

Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...