- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk App for *nix not Compatible with Splunk...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk App for *nix not Compatible with Splunk 8.0.0
The current version of the Splunk App for Nix (v5.2.5 as of 12/11/2019) does not work with Splunk 8.0.0 (The web server will fail to start). Disabling the App is not enough, and it had to be removed via the CLI for the web server to start.
As this is an official supported app, is there any timeline for an update to this app? It does not appear to have been updated in over a year. We use a lot of the alerts native to this app in conjunction with with the Splunk Addon for Linux (Which is updated and supported on Splunk 8.0.0).
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ProdOps4245,
Yes, version 6.0.1 of the TA is not supported with Splunk version 8.0.
Make sure you are using version 7.0.0 of the TA as it's the only one supported with Splunk V8.0, you can find it here : https://splunkbase.splunk.com/app/833/
Hope that helps.
Cheers,
David
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are currently using version 7.0.0 of the Linux TA. The one in question is the Splunk App for Linux (Not Addon)....https://splunkbase.splunk.com/app/273/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh sorry about that, it's not supported either.
From the looks of the error it's got something to do with this : "Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgrades"
The app should be migrated to support Python 3.7 : https://docs.splunk.com/Documentation/Splunk/latest/Python3Migration/AboutMigration
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah, looking at the exception thrown, it is definitely related to the Python migration. I figured that was the issue and was more curious when Splunk plans to release an update to this App since it is an official Splunk Built App (and I would assume somewhat popular).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree with you.. should've been released by now.
Try reaching out to support maybe they have something. As a workaround have a look here :
https://answers.splunk.com/answers/777309/splunk-80-upgrade-has-no-web-server-running.html
Maybe also try fixing or removing the /opt/splunk/etc/apps/splunk_app_for_nix/appserver/modules/CFHiddenSearch/CFHiddenSearch.py and see if that's the only thing causing the issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ProdOps4245 -
Can you put your splunkd.log file in here from the server that had the web server failure? We need to get some idea/details of the errors around it in order to better answer your question.
Thanks!
Mike
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the log snippet from the web_service.log file showing the failure...Once the Splunk LInux App is removed it starts normally...
2019-12-10 15:55:11,620 ERROR [5df0062eef7fd399dd1990] root:769 - Unable to start splunkweb
2019-12-10 15:55:11,620 ERROR [5df0062eef7fd399dd1990] root:770 - invalid syntax (CFHiddenSearch.py, line 65)
Traceback (most recent call last):
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py", line 132, in <module>
from splunk.appserver.mrsparkle.controllers.top import TopController
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/top.py", line 27, in <module>
from splunk.appserver.mrsparkle.controllers.admin import AdminController
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/admin.py", line 25, in <module>
from splunk.appserver.mrsparkle.controllers.appinstall import AppInstallController
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/appinstall.py", line 22, in <module>
from splunk.appserver.mrsparkle.lib import module
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 465, in <module>
moduleMapper = ModuleMapper()
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 83, in __init__
self.installedModules = self.getInstalledModules()
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 28, in helper
return f(*a, **kw)
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 448, in getInstalledModules
mods = self.getModuleList(root)
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 37, in helper
return f(*a, **kw)
File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 223, in getModuleList
mod = __import__(modname)
File "/opt/splunk/etc/apps/splunk_app_for_nix/appserver/modules/CFHiddenSearch/CFHiddenSearch.py", line 65
except splunk.ResourceNotFound, e:
^
SyntaxError: invalid syntax
Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey
Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...
Monitoring Amazon Elastic Kubernetes Service (EKS)
