All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why the error after upgrade Splunk version?

nyuad
Observer
‎08-15-2022 08:16 AM

HI ,

Getting error after upgrade Splunk version, It is custom service link app, how to fix this issue, suscpecting app is not cpmpactable with python 3.7

08-15-2022 18:26:33.763 +0400 ERROR ScriptRunner [10252 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': The script at path=/data/splunk/etc/apps/TA-servicelink/bin/TA_servicelink_rh_settings.py has thrown an exception=Traceback (most recent call last):
08-15-2022 18:26:33.763 +0400 ERROR ScriptRunner [10252 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': File "/data/splunk/etc/apps/TA-servicelink/bin/ta_servicelink/splunktaucclib/rest_handler/endpoint/validator.py", line 388
08-15-2022 18:26:33.764 +0400 ERROR ScriptRunner [10252 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': File "/data/splunk/etc/apps/TA-servicelink/bin/ta_servicelink/splunktaucclib/rest_handler/endpoint/validator.py", line 388
08-15-2022 18:34:47.307 +0400 ERROR ScriptRunner [21184 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': The script at path=/data/splunk/etc/apps/TA-servicelink/bin/TA_servicelink_rh_settings.py has thrown an exception=Traceback (most recent call last):
08-15-2022 18:34:47.307 +0400 ERROR ScriptRunner [21184 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': File "/data/splunk/etc/apps/TA-servicelink/bin/ta_servicelink/splunktaucclib/rest_handler/endpoint/validator.py", line 388
08-15-2022 18:34:47.309 +0400 ERROR ScriptRunner [21184 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': File "/data/splunk/etc/apps/TA-servicelink/bin/ta_servicelink/splunktaucclib/rest_handler/endpoint/validator.py", line 388
08-15-2022 18:40:39.629 +0400 INFO sendmodalert [18314 AlertNotifierWorker-0] - Invoking modular alert action=servicelink for search="Threat - NYUAD - Exfiltration of Valuable Data - Rule" sid="scheduler__admin__SplunkEnterpriseSecuritySuite__RMD5ecd0c23d8fa296d1_at_1660574400_145_92DB7169-4DFE-4D47-AE11-FB9899BE27C5" in app="SplunkEnterpriseSecuritySuite" owner="admin" type="saved"
08-15-2022 18:40:39.683 +0400 ERROR sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink STDERR - File "/data/splunk/etc/apps/TA-servicelink/bin/servicelink.py", line 57
08-15-2022 18:40:39.683 +0400 ERROR sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink STDERR - results_url=self.settings.get('results_link')
08-15-2022 18:40:39.683 +0400 ERROR sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink STDERR - ^
08-15-2022 18:40:39.683 +0400 ERROR sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink STDERR - TabError: inconsistent use of tabs and spaces in indentation
08-15-2022 18:40:39.686 +0400 INFO sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink - Alert action script completed in duration=45 ms with exit code=1
08-15-2022 18:40:39.686 +0400 WARN sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink - Alert action script returned error code=1

Labels (2)
Labels
Tags (2)
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎08-15-2022 09:03 AM

@nyuad - It seems the following file from TA-servicelink Add-on has a Python indentation error.

/data/splunk/etc/apps/TA-servicelink/bin/servicelink.py

 

Generally, the Indentation error is not related Python version.
In any case, this is an Add-on code issue and not a Splunk issue, just to clarify.

 

I hope this helps!!

0 Karma
Reply

nyuad
Observer
‎08-16-2022 06:02 AM

Hi VatsalJagani,

can you suggest few workaround for fixing this issue. I have pushed from deployer after making the changes in script but not helped. 

 

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎08-16-2022 06:43 AM

Following is the approach I would choose in the order given here.

  • Try upgrading Add-on and check.
  • Contact the Add-on developer about the issue.
  • Resolving the indentation issue yourself, requires Python expertise.

 

I hope this helps!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...