I installed the latest Palo Alto Networks App for Splunk (v5.0) and tried to run the "pancontentpack" script/command to update the applications and threat signatures (app_list.csv & threat_list.csv).
I tried the following search commands, but got the "ImportError: No module named xmltodict" error in search.log:
| pancontentpack apps
| pancontentpack threats
search.log
02-02-2016 21:14:26.028 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py threats': Traceback (most recent call last):
02-02-2016 21:14:26.028 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py threats': File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py", line 54, in
02-02-2016 21:14:26.028 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py threats': import xmltodict
02-02-2016 21:14:26.028 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py threats': ImportError: No module named xmltodict
02-02-2016 21:14:26.039 ERROR script - sid:1454447665.852 External search command 'pancontentpack' returned error code 1.
Any ideas on how to fix it?
This issue is resolved in version 6.0.0 of the App.
Hello, is this issue resolved? I am also getting the same error when I am trying to run the saved search to update the metadata. I am using Splunk version 7.0.
Hello, can you tell me what version of Splunk you are using? Thanks!
Splunk Enterprise 6.3.0
We found an error and are fixing it, but I don't think it's the same error you're seeing. Can you tell me exactly what version of the App and PAN-OS you are using? Thanks!
It was an old post from last year and was fixed. I have a new problem posted at https://answers.splunk.com/answers/581041/palo-alto-networks-app-for-splunk-531-pancontentpa.html. Thanks!