Solved: Splunk app writing to a location

nb1016 · ‎11-30-2022

We found a Splunk app which allows us to take a file and write it to our Splunk server before sending it off to a data store.

Due to issues with this app, I downloaded it, modified it, and re-uploaded it with some slight changes to the codebase. After this change, the new uploaded app does not have permissions to write to the filesystem, and we get this error "Unexpected error: [Errno 30] Read-only file system" when we try and use any of its alerts which write to a file.

This did not happen in the original app, which confuses me, as the logic for the file uploading, and the file destination have not changed.

These are the relevant bits of code which are throwing an error currently. Anyone know why this might not be working?

if not os.path.exists("out"):
os.makedirs("out")

filename= "out/"+sid+".csv"

For context, the only changes were that finaland we are running our instance on Splunk Cloud so do not have direct access to the filesystem to be able to debug why this issue is getting thrown.

nb1016 · ‎11-30-2022

Solved this issue by simply writing to the /tmp directory instead as everyone has read/write permissions there.

View solution in original post

nb1016 · ‎11-30-2022

Solved this issue by simply writing to the /tmp directory instead as everyone has read/write permissions there.

Splunk app writing to a location

app

python

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life