All Apps and Add-ons

DECRYPT version 2.3.0 not working with python 3

gjanders
SplunkTrust
SplunkTrust

Splunk 8.0.4.1:

11-12-2020 06:29:03.713 INFO  ChunkedExternProcessor - Running process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/decrypt/bin/decrypt.py
11-12-2020 06:29:03.770 ERROR ChunkedExternProcessor - stderr: Traceback (most recent call last):
11-12-2020 06:29:03.770 ERROR ChunkedExternProcessor - stderr:   File "/opt/splunk/etc/apps/decrypt/bin/decrypt.py", line 12, in <module>
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:     import decryptlib
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:   File "/opt/splunk/etc/apps/decrypt/bin/decryptlib.py", line 1, in <module>
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:     import StringIO
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr: ModuleNotFoundError: No module named 'StringIO'
11-12-2020 06:29:03.777 ERROR ChunkedExternProcessor - EOF while attempting to read transport header read_size=0
11-12-2020 06:29:03.777 ERROR ChunkedExternProcessor - Error in 'decrypt' command: External search command exited unexpectedly with non-zero error code 1.

The library exists in python2 but not the local python3 install in 8.0.x (which is confusing)

Setting this back to python2 appears to work...

Labels (1)
Tags (1)
0 Karma
1 Solution

Unicron
Engager

I realize that this is an old post but I came across this issue as well.  I had a previous version installed and then installed 2.3.0.  $SPLUNK_HOME/etc/apps/decrypt/bin/decryptlib.py was left from the previous version.  Delete this file because the updated version now exists in $SPLUNK_HOME/etc/apps/decrypt/lib.

View solution in original post

teresachila
Path Finder

Building on @Unicron 's post above, if there is a decryptlib.pyc, delete that as well. That works for us.

0 Karma

Unicron
Engager

I realize that this is an old post but I came across this issue as well.  I had a previous version installed and then installed 2.3.0.  $SPLUNK_HOME/etc/apps/decrypt/bin/decryptlib.py was left from the previous version.  Delete this file because the updated version now exists in $SPLUNK_HOME/etc/apps/decrypt/lib.

Get Updates on the Splunk Community!

Security Highlights: September 2022 Newsletter

 September 2022 The Splunk App for Fraud Analytics (SFA) is now Splunk SupportedUse your existing Splunk ...

Platform Highlights | September 2022 Newsletter

 September 2022 What’s New in 9.0 and How to UpgradeGet a walk through of what is new Splunk Enterprise 9.0 ...

Observability Highlights | September 2022 Newsletter

 September 2022 Splunk Observability SuiteAccess to "Classic" SignalFx Interface Will be Removed on Sept 30, ...