Getting Data In

Why is my bash scripted input failing on Ubuntu while it's OK on other distros?

D2SI
Communicator

Hello,

I have an issue with a scripted input.

I have 2 Linux on Amazon Web Services (AWS) :

  • 1 based one AWS Linux AMI
  • 1 based on Ubuntu

On AWS Linux Amazon Machine Image (AMI) :

  • script is OK when launched manually
  • script is OK when launched by Splunk via scripted input

On Ubuntu :

  • script is OK when launched manually
  • script KO when launched by Splunk via scripted input

I would get errors like:

Error in sitecustomize; set PYTHONVERBOSE for traceback
AttributeError: module 'sys' has no attribute 'setdefaultencoding'
prepare_body() takes 3 positional arguments but 4 were given

I do not know why it even mention Python since it is a bash script.

I try each line of the script one by one but, via Splunk it fails at things such as :

\#!/usr/bin/env bash

set -o nounset

START_TIME="${SECONDS}"

---> Fails saying SECONDS is not declared and since using 'set -o nounset'.

But SECONDS is an internal variable, and since :

  • I do not meet that issue in other ways script is launched (on Linux AMI & manually on Ubuntu)
  • I get other weird errors for other small instructions anyhow

Hence, sorry for not posting more clear error examples, but since the script seems all OK in other contexts as mentioned, I feeI feel like I am missing something in the way the script is being launched by Splunk.

Is there anything specific I should take into account running a bash script from Splunk on Ubuntu ?

Is there a way to launch such a script using a Splunk command like it can be done for Python using "splunk cmd python script.py" ?

Thanks in advance for any hints!

1 Solution

woodcock
Esteemed Legend

Try adding this to the very top of your script:

unset LD_LIBRARY_PATH

If that doesn't do it, try adding this ALSO (keep the above line, too):

unset PYTHONPATH

View solution in original post

woodcock
Esteemed Legend

Try adding this to the very top of your script:

unset LD_LIBRARY_PATH

If that doesn't do it, try adding this ALSO (keep the above line, too):

unset PYTHONPATH

D2SI
Communicator

Thanks a lot ! With both, it works on Ubuntu and still works on AWS Linux AMI so it's perfect.

I tried to run echo $LD_LIBRARY_PATH & $PYTHONPATH, it returned an empty line on both distros.

0 Karma

woodcock
Esteemed Legend

This drove me crazy until I figured it out. I forget how long it took...

0 Karma

dauren_akilbeko
Communicator

Is there a way to launch such script
using Splunk command like it can be
done for Python using "splunk cmd
python script.py" ?
splunk cmd script.sh

0 Karma

D2SI
Communicator

Thanks,

'splunk cmd script.sh' seems to be working only with the scripted copied to $SPLUNK_HOME/bin, but it works!

And it generates the same errors I see when launched from the scripted input.

0 Karma

dauren_akilbeko
Communicator

Did you check permissions on th script file?
Also can you run some other arbitrary script (Echo something), to see if it also fails.

0 Karma

D2SI
Communicator

Yes I had double checked on permissions.

Yes "echo something" would work on Ubuntu, but errors would raise as soon as I introduce small instructions.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...