The current version of the Splunk App for Nix (v5.2.5 as of 12/11/2019) does not work with Splunk 8.0.0 (The web server will fail to start). Disabling the App is not enough, and it had to be removed via the CLI for the web server to start.
As this is an official supported app, is there any timeline for an update to this app? It does not appear to have been updated in over a year. We use a lot of the alerts native to this app in conjunction with with the Splunk Addon for Linux (Which is updated and supported on Splunk 8.0.0).
Yes, version 6.0.1 of the TA is not supported with Splunk version 8.0.
Make sure you are using version 7.0.0 of the TA as it's the only one supported with Splunk V8.0, you can find it here : https://splunkbase.splunk.com/app/833/
Hope that helps.
Oh sorry about that, it's not supported either.
From the looks of the error it's got something to do with this : "
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgrades"
The app should be migrated to support Python 3.7 : https://docs.splunk.com/Documentation/Splunk/latest/Python3Migration/AboutMigration
Yeah, looking at the exception thrown, it is definitely related to the Python migration. I figured that was the issue and was more curious when Splunk plans to release an update to this App since it is an official Splunk Built App (and I would assume somewhat popular).
I agree with you.. should've been released by now.
Try reaching out to support maybe they have something. As a workaround have a look here :
Maybe also try fixing or removing the
/opt/splunk/etc/apps/splunk_app_for_nix/appserver/modules/CFHiddenSearch/CFHiddenSearch.py and see if that's the only thing causing the issue.
Hi ProdOps4245 -
Can you put your splunkd.log file in here from the server that had the web server failure? We need to get some idea/details of the errors around it in order to better answer your question.
Here is the log snippet from the web_service.log file showing the failure...Once the Splunk LInux App is removed it starts normally...
2019-12-10 15:55:11,620 ERROR [5df0062eef7fd399dd1990] root:769 - Unable to start splunkweb 2019-12-10 15:55:11,620 ERROR [5df0062eef7fd399dd1990] root:770 - invalid syntax (CFHiddenSearch.py, line 65) Traceback (most recent call last): File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py", line 132, in <module> from splunk.appserver.mrsparkle.controllers.top import TopController File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/top.py", line 27, in <module> from splunk.appserver.mrsparkle.controllers.admin import AdminController File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/admin.py", line 25, in <module> from splunk.appserver.mrsparkle.controllers.appinstall import AppInstallController File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/appinstall.py", line 22, in <module> from splunk.appserver.mrsparkle.lib import module File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 465, in <module> moduleMapper = ModuleMapper() File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 83, in __init__ self.installedModules = self.getInstalledModules() File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 28, in helper return f(*a, **kw) File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 448, in getInstalledModules mods = self.getModuleList(root) File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 37, in helper return f(*a, **kw) File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 223, in getModuleList mod = __import__(modname) File "/opt/splunk/etc/apps/splunk_app_for_nix/appserver/modules/CFHiddenSearch/CFHiddenSearch.py", line 65 except splunk.ResourceNotFound, e: ^ SyntaxError: invalid syntax