Splunk App for *nix not Compatible with Splunk 8.0.0

Explorer

The current version of the Splunk App for Nix (v5.2.5 as of 12/11/2019) does not work with Splunk 8.0.0 (The web server will fail to start). Disabling the App is not enough, and it had to be removed via the CLI for the web server to start.

As this is an officially supported app, is there any timeline for an update to this app? It does not appear to have been updated in over a year. We use a lot of the alerts native to this app in conjunction with the Splunk Addon for Linux (which is updated and supported on Splunk 8.0.0).

Thanks!

SplunkTrust

Hi @ProdOps4245,

Yes, version 6.0.1 of the TA is not supported with Splunk version 8.0.

Make sure you are using version 7.0.0 of the TA as it's the only one supported with Splunk V8.0, you can find it here : https://splunkbase.splunk.com/app/833/

Hope that helps.

Cheers,
David

0 Karma

Explorer

We are currently using version 7.0.0 of the Linux TA. The one in question is the Splunk App for Linux (not the Addon): https://splunkbase.splunk.com/app/273/

0 Karma

SplunkTrust

Oh sorry about that, it's not supported either.

From the looks of the error it's got something to do with this : "Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgrades"
The app should be migrated to support Python 3.7 : https://docs.splunk.com/Documentation/Splunk/latest/Python3Migration/AboutMigration

0 Karma

Explorer

Yeah, looking at the exception thrown, it is definitely related to the Python migration. I figured that was the issue and was more curious when Splunk plans to release an update to this App since it is an official Splunk Built App (and I would assume somewhat popular).

0 Karma

SplunkTrust

I agree with you. It should've been released by now.

Try reaching out to support; maybe they have something. As a workaround, have a look here:
https://answers.splunk.com/answers/777309/splunk-80-upgrade-has-no-web-server-running.html

Maybe also try fixing or removing the /opt/splunk/etc/apps/splunk_app_for_nix/appserver/modules/CFHiddenSearch/CFHiddenSearch.py and see if that's the only thing causing the issue.

0 Karma

Communicator

Hi ProdOps4245 -
Can you put your splunkd.log file in here from the server that had the web server failure? We need to get some idea/details of the errors around it in order to better answer your question.

Thanks!
Mike

0 Karma

Explorer

Here is the log snippet from the web_service.log file showing the failure. Once the Splunk Linux App is removed, it starts normally.

2019-12-10 15:55:11,620 ERROR   [5df0062eef7fd399dd1990] root:769 - Unable to start splunkweb
 2019-12-10 15:55:11,620 ERROR   [5df0062eef7fd399dd1990] root:770 - invalid syntax (CFHiddenSearch.py, line 65)
 Traceback (most recent call last):
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py", line 132, in <module>
     from splunk.appserver.mrsparkle.controllers.top import TopController
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/top.py", line 27, in <module>
     from splunk.appserver.mrsparkle.controllers.admin import AdminController
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/admin.py", line 25, in <module>
     from splunk.appserver.mrsparkle.controllers.appinstall import AppInstallController
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/controllers/appinstall.py", line 22, in <module>
     from splunk.appserver.mrsparkle.lib import module
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 465, in <module>
     moduleMapper = ModuleMapper()
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 83, in __init__
     self.installedModules = self.getInstalledModules()
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 28, in helper
     return f(*a, **kw)
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 448, in getInstalledModules
     mods = self.getModuleList(root)
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 37, in helper
     return f(*a, **kw)
   File "/opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/lib/module.py", line 223, in getModuleList
     mod = __import__(modname)
   File "/opt/splunk/etc/apps/splunk_app_for_nix/appserver/modules/CFHiddenSearch/CFHiddenSearch.py", line 65
     except splunk.ResourceNotFound, e:
                                   ^
 SyntaxError: invalid syntax
0 Karma
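
The traceback above shows splunkweb aborting because one app module fails to parse under Python 3.7. The following is an added example, not code from this thread or from Splunk: a pre-upgrade check that compiles every .py file under an apps directory without executing it and lists the ones that will not parse. The function names are hypothetical, and the default path /opt/splunk/etc/apps is assumed from the traceback.

```python
import os
import sys
import tempfile


def find_py3_syntax_errors(apps_root):
    """Return [(path, lineno, message)] for .py files that do not parse."""
    failures = []
    for dirpath, _dirs, files in os.walk(apps_root):
        for name in sorted(files):
            if not name.endswith(".py"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                source = fh.read()
            try:
                # compile() only parses; the module is never executed.
                compile(source, path, "exec")
            except SyntaxError as exc:
                failures.append((path, exc.lineno, exc.msg))
            except ValueError as exc:  # e.g. null bytes on older interpreters
                failures.append((path, None, str(exc)))
    return failures


def demo():
    """Constructed sample tree: one Python 2 style module, one valid module."""
    root = tempfile.mkdtemp()
    mod_dir = os.path.join(root, "example_app", "appserver", "modules", "Example")
    os.makedirs(mod_dir)
    with open(os.path.join(mod_dir, "Legacy.py"), "w") as fh:
        # Same Python 2 "except X, e:" form as the line in the traceback.
        fh.write("try:\n    pass\nexcept ValueError, e:\n    print e\n")
    with open(os.path.join(mod_dir, "Modern.py"), "w") as fh:
        fh.write("try:\n    pass\nexcept ValueError as e:\n    print(e)\n")
    return find_py3_syntax_errors(root)


if __name__ == "__main__":
    # Assumed default install path; pass another root as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/opt/splunk/etc/apps"
    for path, lineno, msg in find_py3_syntax_errors(root):
        print("%s:%s: %s" % (path, lineno, msg))
```

Run it with the same Python 3 version the upgraded Splunk ships (3.7 in the traceback), since which line is reported and the error text depend on the interpreter version.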