Archive2
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

ImportError: No module named splunklib.searchcommands

bugnet
Path Finder
‎05-05-2019 03:20 AM

Hi all,

I'm working with app "misp42splunk" which can be used to extract information from the MISP instance.

The next command return error:
alt text

Here is the job inspector log:

05-05-2019 10:12:32.637 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': Traceback (most recent call last):
05-05-2019 10:12:32.637 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': File "/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py", line 19, in
05-05-2019 10:12:32.637 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': from splunklib.searchcommands import dispatch, ReportingCommand, Configuration, Option, validators
05-05-2019 10:12:32.637 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': ImportError: No module named splunklib.searchcommands
05-05-2019 10:12:32.664 ERROR script - Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.664 INFO SearchParser - PARSING: |mispgetioc mispinstance=defaultmisp eventid=11398
05-05-2019 10:12:32.664 INFO script - found script file=/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py
05-05-2019 10:12:32.664 INFO script - stderr for script mispgetioc will be added to search.log
05-05-2019 10:12:32.717 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': Traceback (most recent call last):
05-05-2019 10:12:32.717 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': File "/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py", line 19, in
05-05-2019 10:12:32.717 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': from splunklib.searchcommands import dispatch, ReportingCommand, Configuration, Option, validators
05-05-2019 10:12:32.717 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': ImportError: No module named splunklib.searchcommands
05-05-2019 10:12:32.722 ERROR script - Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.722 INFO SearchPhaseGenerator - Failed to create phases using AST:Error in 'script': Getinfo probe failed for external search command 'mispgetioc'.. Falling back to 2 phase mode.
05-05-2019 10:12:32.722 INFO SearchParser - PARSING: |mispgetioc mispinstance=defaultmisp eventid=11398
05-05-2019 10:12:32.722 INFO script - found script file=/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py
05-05-2019 10:12:32.722 INFO script - stderr for script mispgetioc will be added to search.log
05-05-2019 10:12:32.773 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': Traceback (most recent call last):
05-05-2019 10:12:32.773 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': File "/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py", line 19, in
05-05-2019 10:12:32.773 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': from splunklib.searchcommands import dispatch, ReportingCommand, Configuration, Option, validators
05-05-2019 10:12:32.773 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO mispinstance=defaultmisp eventid=11398': ImportError: No module named splunklib.searchcommands
05-05-2019 10:12:32.778 ERROR script - Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.778 ERROR SearchPhaseGenerator - Fallback to two phase search failed:Error in 'script': Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.778 ERROR SearchOrchestrator - Error in 'script': Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.778 INFO SearchStatusEnforcer - Enforcing disk quota = 10485760000
05-05-2019 10:12:32.779 INFO DispatchStorageManager - Remote storage disabled for search artifacts.
05-05-2019 10:12:32.779 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='1557051152.24', username='admin')
05-05-2019 10:12:32.780 INFO UserManager - Unwound user context: admin -> NULL
05-05-2019 10:12:32.780 INFO UserManager - Unwound user context: admin -> NULL
05-05-2019 10:12:32.781 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Error in 'script': Getinfo probe failed for external search command 'mispgetioc'.

Tags (1)
Preview file
1 KB
Reply