All Apps and Add-ons

ImportError: No module named splunk.Intersplunk - In ThreatConnect App.

sathiyasun
Explorer

When I try to run the python script have been getting the below error. Please advice. Also, trying to configure the threatconnect app but not luck if you have any steps please share that one as well. Thanks.

[spladmin@Splunklab bin]$ ./tc_report.py
Traceback (most recent call last):
  File "./tc_report.py", line 11, in 
    import splunk.Intersplunk
ImportError: No module named splunk.Intersplunk

[root@Splunklab ~]# whereis python
python: /usr/bin/python /usr/bin/python2.7 /usr/lib/python2.7 /usr/lib64/python2.7 /etc/python /usr/include/python2.7 /usr/share/man/man1/python.1.gz

[root@Splunklab ~]# yum list python
Loaded plugins: enabled_repos_upload, package_upload, product-id, search-disabled-repos, subscription-manager
Installed Packages
python.x86_64                                                                            2.7.5-68.el7                                                                             @rhel-7-server-rpms
Uploading Enabled Repositories Report
Loaded plugins: product-id, subscription-manager
0 Karma

acharlieh
Influencer

I have not dealt with the ThreatConnect app, but their User Guide including setup instructions is available through their site: https://kb.threatconnect.com/customer/portal/articles/2146321--threatconnect-app-for-splunk-enterpri...

I suspect that the python script in question designed to be launched by Splunk / using the built in python that is shipped with Splunk, and is not supposed to be launched using your system python installation. I reach that conclusion through two older answers posts:

First this answer discussing how launching a script directly from the command line is not the same as launching it through Splunk : https://answers.splunk.com/answering/417389/view.html

And then this answer about invoking the python interpreter through Splunk to find out about splunk.Intersplunk from a Splunk installation: https://answers.splunk.com/answering/7910/view.html

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...