All Apps and Add-ons

DECRYPT version 2.3.0 not working with python 3

gjanders
SplunkTrust
SplunkTrust

Splunk 8.0.4.1:

11-12-2020 06:29:03.713 INFO  ChunkedExternProcessor - Running process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/decrypt/bin/decrypt.py
11-12-2020 06:29:03.770 ERROR ChunkedExternProcessor - stderr: Traceback (most recent call last):
11-12-2020 06:29:03.770 ERROR ChunkedExternProcessor - stderr:   File "/opt/splunk/etc/apps/decrypt/bin/decrypt.py", line 12, in <module>
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:     import decryptlib
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:   File "/opt/splunk/etc/apps/decrypt/bin/decryptlib.py", line 1, in <module>
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:     import StringIO
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr: ModuleNotFoundError: No module named 'StringIO'
11-12-2020 06:29:03.777 ERROR ChunkedExternProcessor - EOF while attempting to read transport header read_size=0
11-12-2020 06:29:03.777 ERROR ChunkedExternProcessor - Error in 'decrypt' command: External search command exited unexpectedly with non-zero error code 1.

The library exists in python2 but not the local python3 install in 8.0.x (which is confusing)

Setting this back to python2 appears to work...

Labels (1)
Tags (1)
0 Karma

Unicron
Engager

I realize that this is an old post but I came across this issue as well.  I had a previous version installed and then installed 2.3.0.  $SPLUNK_HOME/etc/apps/decrypt/bin/decryptlib.py was left from the previous version.  Delete this file because the updated version now exists in $SPLUNK_HOME/etc/apps/decrypt/lib.

.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!