I just installed the new Browsing history analysis app on the latest version of Splunk 6.3.0 and have deployed the app out to a few Windows Universal forwarders that I want to monitor browsing history on. When the forwarder tries to run the "monitor.py" script to get the data, I am getting the following error:
Traceback (most recent call last):
File "monitor.py", line 4, in <module>
import splunk.bundle as bundle
ImportError: No module named splunk.bundle
Python is installed properly and working. I am just not sure why the scripted inputs are not working with this app.
Unfortunately I don't have enough time right now to work on this project.
The problem here is that Universal Forwarders don't ship with Python bundled in, as full install does and secondly, this app makes use of some internal python libs that also would need to be installed in order to run the app.
The solution would be to 1. install Python interpreter on Uni Fwder; 2. rewrite those inputs to cut on using those internal libs and use some python sdk instead.
I haven't tried that, but in theory, since it's just missing some libs, we could copy them from the full Splunk and make them available on the forwarder. You'll need Python-2.7/Lib/site-packages/splunk directory to be seen by your Python interpreter as 'splunk'. You can add the splunk folder path to PYTHONPATH environment variable for this: https://docs.python.org/3/using/cmdline.html#envvar-PYTHONPATH
Again, not sure if this would work, but worth a try.