Developing for Splunk Enterprise

Custom Script and python 3.7 gives strange Loglevel Error


Hi all

I've enabled the python 3.7 Support on my installation, but now my external command won't work anymore, saying i have some syntax error, which i'm not able to find in the binary tree of my command app...

And the command works with python 2.7...

The message is:

ValueError: Unknown level: 'ERROR ; Default: WARNING'

The full log is:

07-17-2020 10:12:48.713 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/elasticsplunk/bin/ __GETINFO__ eaddr=cluster1 index=testdrive query="state:IL or state=TN and age>22"':

Traceback (most recent call last):
File "/opt/splunk/etc/apps/elasticsplunk/bin/", line 49, in <module>
from splunklib.searchcommands import dispatch, StreamingCommand, GeneratingCommand, Configuration, Option, validators
File "/opt/splunk/etc/apps/elasticsplunk/bin/splunklib/searchcommands/", line 145, in <module>
from .environment import *
File "/opt/splunk/etc/apps/elasticsplunk/bin/splunklib/searchcommands/", line 120, in <module>
splunklib_logger, logging_configuration = configure_logging('splunklib')
File "/opt/splunk/etc/apps/elasticsplunk/bin/splunklib/searchcommands/", line 103, in configure_logging
fileConfig(filename, {'SPLUNK_HOME': splunk_home})
File "/opt/splunk/lib/python3.7/logging/", line 80, in fileConfig
_install_loggers(cp, handlers, disable_existing_loggers)
File "/opt/splunk/lib/python3.7/logging/", line 195, in _install_loggers
File "/opt/splunk/lib/python3.7/logging/", line 1353, in setLevel
self.level = _checkLevel(level)
File "/opt/splunk/lib/python3.7/logging/", line 192, in _checkLevel
raise ValueError("Unknown level: %r" % level)
ValueError: Unknown level: 'ERROR ; Default: WARNING'
07-17-2020 10:12:48.725 ERROR script - Getinfo probe failed for external search command 'ess'.



Labels (2)



Your app's logging.conf file has a line like this in it:
level ERROR ; Default: WARNING

And it needs to look like this:
level ERROR

0 Karma

Did you run the Splunk Platform Upgrade Readiness App ( ? It should have identified this before you upgraded. It might have identified the change that needed to be made to support Python 3.
If this reply helps you, an upvote would be appreciated.
0 Karma



I've executed the readyness tool but it had only warnings and not a single blocker.
Including the splunklib which should be ready for 3....

That's why i have no clue why the logger breaks. Every other point where the syntax changed yes, but not in the logger.

0 Karma



Came to this thread randomly for the same needs (elasticsearch Python)
I just got rid of the logging.conf and that fixes import issues in 8.2.x

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!