All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Fresh install of Splunk 8.0, SA-Eventgen as an app, Windows 10 -- get an error right away

dancostello
New Member
‎10-28-2019 03:35 PM

Hello all,

I've just installed Splunk 8.0 (the free version) on a relatively uninteresting Windows 10 machine with all current patches. Accepted all defaults except I changed the home directory to "C:\Splunk\" and I selected Python 3.0. Splunk itself works beautifully, as far as I can tell. Without changing anything at all about the configuration, I then got Eventgen 7.0.0 from the splunkbase (https://splunkbase.splunk.com/app/1924/) and installed it per the directions. Upon restarting Splunk, I immediately got this message:

Unable to initialize modular input "modinput_eventgen" defined in the app "SA-Eventgen": Introspecting scheme=modinput_eventgen: script running failed (exited with code 1)..

On the CLI, this: 

splunk cmd python modinput_eventgen.py --scheme

produces this:

python: can't open file 'modinput_eventgen.py': [Errno 2] No such file or directory

and when I cd to the app's bin directory and run the same command, I get this:

Traceback (most recent call last):
  File "modinput_eventgen.py", line 15, in <module>
    from splunk_eventgen import eventgen_core  # noqa isort:skip
ImportError: No module named splunk_eventgen

I've tried several variations -- I've installed with Python 2.0, I tried installing Splunk 7.3.2... nothing. I get the same errors every time.

Also, presumably since my problem is more fundamental, there is no "SA-Eventgen" under "Settings > Data Inputs".

I would be very grateful for any and all guidance. Thank you!

--Dan

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gwang_splunk
Splunk Employee
Splunk Employee
‎10-30-2019 05:06 AM

After digging deeper, I found out this might be a bug in splunk 8.0 about python3.
And the sad news is that there is no work around for this.
I have reported an issue. I will updated as soon as I get any further update.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gwang_splunk
Splunk Employee
Splunk Employee
‎10-30-2019 05:06 AM

After digging deeper, I found out this might be a bug in splunk 8.0 about python3.
And the sad news is that there is no work around for this.
I have reported an issue. I will updated as soon as I get any further update.

0 Karma
Reply
Solved! Jump to solution

dancostello
New Member
‎10-30-2019 09:49 AM

Thank you, Guodong, I'm very grateful for your efforts. Can I assume, then, that my only option is to use an earlier version of Splunk and use python2?
(I should mention that I'm asking specifically because I have a deadline -- in a couple of weeks I have to deliver a product that includes demonstrations using eventgen.)

0 Karma
Reply
Solved! Jump to solution

ivanreis
Builder
‎10-30-2019 03:15 PM

I believe on this moment, you should choose to use python2. As a previously mentioned, you can use the old eventgen version on Splunk 8. I believe it will does fit your needs to run your demo.

0 Karma
Reply
Solved! Jump to solution

dancostello
New Member
‎10-30-2019 04:30 PM

Thank you, Ivan!

0 Karma
Reply
Solved! Jump to solution

gwang_splunk
Splunk Employee
Splunk Employee
‎10-30-2019 05:30 PM

yes. Please use an old version of eventgen. It should work with splunk 8.0.
Do not use eventgen 7. After eventgen 7, it is only python3 supported.

0 Karma
Reply
Solved! Jump to solution

gwang_splunk
Splunk Employee
Splunk Employee
‎10-29-2019 08:10 AM

please use an editor to open the SA-Eventgen app folder. Put an empty file under the sub directory SA-Eventgen/lib/splunk_eventgen.
The empty file name should be init.py
Do not put any content in the file.
And restart splunk to check.

Till now, the splunk_eventgen should be loaded as a module.

Please make sure to set the python.version = python3 in server.conf. Starting from Eventgen 7.0, it is python3 only release.

0 Karma
Reply
Solved! Jump to solution

ivanreis
Builder
‎10-28-2019 05:09 PM

I am running on MacBook and I had similiar issue. I also added the python configuration required for the new Eventgen version
"Note: Please set "python.version = python3" in "server.conf" in $SPLUNK_HOME/etc/system/local in [general] stanza" and it did not work either.
I am still running Splunk 8.0 version, but I redeployed the previous SA-Eventgen version = 6.5.1, and I remove the python3 configuration from server.conf, and it is working using the old python version, but I believe this new eventgen version is running on any issues that I am not able to figure it out. I hope this can help you.

0 Karma
Reply
Solved! Jump to solution

lwu_splunk
Splunk Employee
Splunk Employee
‎10-28-2019 06:12 PM

Any ERROR log after you set the python.verison?

0 Karma
Reply
Solved! Jump to solution

ivanreis
Builder
‎10-29-2019 03:11 PM

10-29-2019 10:49:45.581 +1100 ERROR ModularInputs - Unable to initialize modular input "modinput_eventgen" defined in the app "SA-Eventgen": Introspecting scheme=modinput_eventgen: script running failed (exited with code 1)..

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...