All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

IPInfo app not working properly

dm1
Contributor
2 weeks ago

I am getting this SyntaxError  while using the IPinfo Splunk App on my Splunk Enterprise instance.

Environment Details:

  • Splunk Version: 9.2.2

  • App Name: IPinfo Splunk App

  • OS: Linux

Problem Description: When running the ipinfo command in a search, the command fails. Upon inspecting the search.log, I found that the external search command is exiting with a SyntaxError.

It appears the script ipinfo_command.py uses the assignment expression (Walrus Operator :=), which was introduced in Python 3.8. However, even on Splunk 9.2.2, the script is being invoked using the bundled Python 3.7 interpreter in my environment, leading to the following error:

ERROR ChunkedExternProcessor - stderr: File "/opt/splunk/etc/apps/ipinfo_app/bin/ipinfo_command.py", line 139
ERROR ChunkedExternProcessor - stderr: ip_addresses = [v.strip() for f in fields if (v := record.get(f)) and v.strip()]
ERROR ChunkedExternProcessor - stderr:                                                                   ^
ERROR ChunkedExternProcessor - stderr: SyntaxError: invalid syntax
ERROR ChunkedExternProcessor - Error in 'ipinfo' command: External search command exited unexpectedly with non-zero error code 1.

Can someone please help ?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

max-ipinfo
Explorer
2 weeks ago

Hi,

I work for IPinfo. Can you please open a support ticket with us? Our integration engineering team will take a look.

 

— Abdullah | DevRel, IPinfo

 

Reply

dm1
Contributor
Sunday

I already opened a case 12 days ago but have not heard back on the issue yet.

0 Karma
Reply

PrewinThomas
Motivator
2 weeks ago

@dm1 

Which version of the app are you running, and does your Splunk deployment only have Python 3.7?

Can you check which Python runtimes are available on your Splunk instance, and if you have a 3.7+ runtime, explicitly reference that in the app’s commands.conf and test the command again.

$SPLUNK_HOME/bin/splunk cmd python3 -V


Regards,
Prewin
🌟If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

0 Karma
Reply

dm1
Contributor
2 weeks ago


9.4.0 is the App version

/opt/splunk/bin/splunk cmd python3 -V

Output is Python 3.7.17

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...