All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

DECRYPT version 2.3.0 not working with python 3

gjanders
SplunkTrust
SplunkTrust
‎11-11-2020 10:45 PM

Splunk 8.0.4.1:

11-12-2020 06:29:03.713 INFO  ChunkedExternProcessor - Running process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/decrypt/bin/decrypt.py
11-12-2020 06:29:03.770 ERROR ChunkedExternProcessor - stderr: Traceback (most recent call last):
11-12-2020 06:29:03.770 ERROR ChunkedExternProcessor - stderr:   File "/opt/splunk/etc/apps/decrypt/bin/decrypt.py", line 12, in <module>
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:     import decryptlib
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:   File "/opt/splunk/etc/apps/decrypt/bin/decryptlib.py", line 1, in <module>
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:     import StringIO
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr: ModuleNotFoundError: No module named 'StringIO'
11-12-2020 06:29:03.777 ERROR ChunkedExternProcessor - EOF while attempting to read transport header read_size=0
11-12-2020 06:29:03.777 ERROR ChunkedExternProcessor - Error in 'decrypt' command: External search command exited unexpectedly with non-zero error code 1.

The library exists in python2 but not the local python3 install in 8.0.x (which is confusing)

Setting this back to python2 appears to work...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Unicron
Engager
‎01-23-2021 01:56 PM

I realize that this is an old post but I came across this issue as well.  I had a previous version installed and then installed 2.3.0.  $SPLUNK_HOME/etc/apps/decrypt/bin/decryptlib.py was left from the previous version.  Delete this file because the updated version now exists in $SPLUNK_HOME/etc/apps/decrypt/lib.

View solution in original post

Reply
Solved! Jump to solution

teresachila
Path Finder
‎12-16-2021 07:10 AM

Building on @Unicron 's post above, if there is a decryptlib.pyc, delete that as well. That works for us.

0 Karma
Reply
Solved! Jump to solution
Solution

Unicron
Engager
‎01-23-2021 01:56 PM

I realize that this is an old post but I came across this issue as well.  I had a previous version installed and then installed 2.3.0.  $SPLUNK_HOME/etc/apps/decrypt/bin/decryptlib.py was left from the previous version.  Delete this file because the updated version now exists in $SPLUNK_HOME/etc/apps/decrypt/lib.

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...