All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why the error after upgrade Splunk version?

nyuad
Observer
‎08-15-2022 08:16 AM

HI ,

Getting error after upgrade Splunk version, It is custom service link app, how to fix this issue, suscpecting app is not cpmpactable with python 3.7

08-15-2022 18:26:33.763 +0400 ERROR ScriptRunner [10252 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': The script at path=/data/splunk/etc/apps/TA-servicelink/bin/TA_servicelink_rh_settings.py has thrown an exception=Traceback (most recent call last):
08-15-2022 18:26:33.763 +0400 ERROR ScriptRunner [10252 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': File "/data/splunk/etc/apps/TA-servicelink/bin/ta_servicelink/splunktaucclib/rest_handler/endpoint/validator.py", line 388
08-15-2022 18:26:33.764 +0400 ERROR ScriptRunner [10252 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': File "/data/splunk/etc/apps/TA-servicelink/bin/ta_servicelink/splunktaucclib/rest_handler/endpoint/validator.py", line 388
08-15-2022 18:34:47.307 +0400 ERROR ScriptRunner [21184 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': The script at path=/data/splunk/etc/apps/TA-servicelink/bin/TA_servicelink_rh_settings.py has thrown an exception=Traceback (most recent call last):
08-15-2022 18:34:47.307 +0400 ERROR ScriptRunner [21184 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': File "/data/splunk/etc/apps/TA-servicelink/bin/ta_servicelink/splunktaucclib/rest_handler/endpoint/validator.py", line 388
08-15-2022 18:34:47.309 +0400 ERROR ScriptRunner [21184 TcpChannelThread] - stderr from '/data/splunk/bin/python3.7 /data/splunk/bin/runScript.py setup': File "/data/splunk/etc/apps/TA-servicelink/bin/ta_servicelink/splunktaucclib/rest_handler/endpoint/validator.py", line 388
08-15-2022 18:40:39.629 +0400 INFO sendmodalert [18314 AlertNotifierWorker-0] - Invoking modular alert action=servicelink for search="Threat - NYUAD - Exfiltration of Valuable Data - Rule" sid="scheduler__admin__SplunkEnterpriseSecuritySuite__RMD5ecd0c23d8fa296d1_at_1660574400_145_92DB7169-4DFE-4D47-AE11-FB9899BE27C5" in app="SplunkEnterpriseSecuritySuite" owner="admin" type="saved"
08-15-2022 18:40:39.683 +0400 ERROR sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink STDERR - File "/data/splunk/etc/apps/TA-servicelink/bin/servicelink.py", line 57
08-15-2022 18:40:39.683 +0400 ERROR sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink STDERR - results_url=self.settings.get('results_link')
08-15-2022 18:40:39.683 +0400 ERROR sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink STDERR - ^
08-15-2022 18:40:39.683 +0400 ERROR sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink STDERR - TabError: inconsistent use of tabs and spaces in indentation
08-15-2022 18:40:39.686 +0400 INFO sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink - Alert action script completed in duration=45 ms with exit code=1
08-15-2022 18:40:39.686 +0400 WARN sendmodalert [18314 AlertNotifierWorker-0] - action=servicelink - Alert action script returned error code=1

Labels (2)
Labels
Tags (2)
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎08-15-2022 09:03 AM

@nyuad - It seems the following file from TA-servicelink Add-on has a Python indentation error.

/data/splunk/etc/apps/TA-servicelink/bin/servicelink.py

 

Generally, the Indentation error is not related Python version.
In any case, this is an Add-on code issue and not a Splunk issue, just to clarify.

 

I hope this helps!!

0 Karma
Reply

nyuad
Observer
‎08-16-2022 06:02 AM

Hi VatsalJagani,

can you suggest few workaround for fixing this issue. I have pushed from deployer after making the changes in script but not helped. 

 

0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎08-16-2022 06:43 AM

Following is the approach I would choose in the order given here.

  • Try upgrading Add-on and check.
  • Contact the Add-on developer about the issue.
  • Resolving the indentation issue yourself, requires Python expertise.

 

I hope this helps!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...