All Apps and Add-ons

ImportError: No module named arparse


I get this error when I try to run the scripts in the eStreamer eNcore app. I found that it is trying to import a module for the eStreamer eNcore preflight checks. This is holding up the app from starting up.

Does anyone have any ideas how to correct this issue?

Thank you.

0 Karma


The splencore scripts will only run when run by Splunk itself - they're not designed to be run directly by the user. (They rely on environment variables specific to the Splunk user).

Navigate to app settings in Splunk – from the home page, click the “cog” icon

Find Cisco eStreamer eNcore for Splunk and click “Set-up”

At a minimum:

  • enter the “FMC hostname or IP address” and
  • check the “Process PKCS12 file?”. Optionally enter a password here

Each time you load this page, “Process PKCS12 file” is reset to “no” and the password is not saved. It used once to process the PKCS12 file using openSSL and store a public-private key pair.

Now enable the data inputs in Splunk.

Navigate to Settings > Data Inputs > Files & Directories and enable the single TA-eStreamer app input (cisco:estreamer:data) – this is the where the main output data files are saved

Now navigate to Settings > Data Inputs > Scripts and enable the three TA-eStreamer inputs:

  • cisco:estreamer:clean – this script has no output but is used to delete data files older than 12 hours
  • cisco:estreamer:log – this script uses the stdout of eNcore to take program log data. This becomes very useful where things are not going to plan
  • cisco:estreamer:status – this script runs periodically to maintain a clear status of whether the program is running or not

Finally, once you have fully configured the collector and enabled the inputs, navigate back to the set-up page in app settings, enable eNcore (“is enabled?”) and press save.

To check the status, search for sourcetype="cisco:estreamer:status"
To check more detailed log output, search for sourcetype="cisco:estreamer:log"
To look for eStreamer data, search for sourcetype=" cisco:estreamer:data"

0 Karma
Get Updates on the Splunk Community!

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...

Want to Reduce Costs, Mitigate Risk, Improve Performance, or Increase Efficiencies? ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...