All Apps and Add-ons

Palo Alto Networks Add-on 6.3.1 upgrade on Splunk 7.3.5 index cluster - Bundle config warning

jeremyroyal
Engager

I am in the process of upgrading the 6.1.1 add-on to version 6.3.1 on an index cluster Splunk 7.3.5. When checking the bundle config "Validate and check Restart" I'm presented with the warnings below. Should anything be modified in the conf file to clear the warning and function with Python2? Or, is the app not compatible?

semstrp01: [Not Critical] Invalid key in stanza [autofocus_export] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/inputs.conf, line 9: python.version (value: python3).

semstrp01: [Not Critical] Invalid key in stanza [aperture] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/inputs.conf, line 12: python.version (value: python3).

semstrp01: [Not Critical] Invalid key in stanza [minemeld_feed] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/inputs.conf, line 19: python.version (value: python3).

semstrp01: [Not Critical] Invalid key in stanza [admin_external:Splunk_TA_paloalto_settings] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/restmap.conf, line 10: python.version (value: python3).

semstrp01: [Not Critical] Invalid key in stanza [admin_external:Splunk_TA_paloalto_aperture] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/restmap.conf, line 16: python.version (value: python3).

semstrp01: [Not Critical] Invalid key in stanza [admin_external:Splunk_TA_paloalto_autofocus_export] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/restmap.conf, line 22: python.version (value: python3).

semstrp01: [Not Critical] Invalid key in stanza [admin_external:Splunk_TA_paloalto_account] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/restmap.conf, line 28: python.version (value: python3).

semstrp01: [Not Critical] Invalid key in stanza [admin_external:Splunk_TA_paloalto_minemeld_feed] in /opt/splunk/etc/master-apps/Splunk_TA_paloalto/default/restmap.conf, line 34: python.version (value: python3).

Labels (3)
0 Karma
1 Solution

thambisetty
SplunkTrust
SplunkTrust

python.version in inputs.conf and restmap.conf is introduced in Splunk version 8. Since you are running 7.3.5 , your Splunk Enterprise is not recognizing.

You need to comment python.version in inputs.conf and restmap.conf to get rid of warnings.

————————————
If this helps, give a like below.

View solution in original post

thambisetty
SplunkTrust
SplunkTrust

python.version in inputs.conf and restmap.conf is introduced in Splunk version 8. Since you are running 7.3.5 , your Splunk Enterprise is not recognizing.

You need to comment python.version in inputs.conf and restmap.conf to get rid of warnings.

————————————
If this helps, give a like below.

jeremyroyal
Engager

Thanks thambisetty for the quick assist,

That solved my issue. Much appreciated!

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Great to hear that my answer solved your problem. Keep posting new questions.😊

————————————
If this helps, give a like below.
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...