For clarification, I understand the exit code 114 is normal, but can these be suppressed from displaying in Messages? Is there an update planned to remove from showing in Messages? Thank you- Duane

As an FYI. This issue appears to be back in ES 5.2.2 at a minimum. I have not checked versions between 5.1.0 where the issue was supposedly fixed and 5.2.2.

I recently had this issue on an instance with ES as well. We traced it back to the “[configuration_check://confcheck_script_errors]” stanza in inputs.conf of the ES app. It looks like this stanza was not in ES version 5.0.1.

We decided to just add instrumentation.py to the regex in the suppress setting of this stanza. The error is still included in the internal logs but doesn’t show up as a bulletin message anymore.

Hello,
Thanks Donald, I added instrumentation script in the suppress stanza “[configuration_check://confcheck_script_errors]” in local and it worked , i don't see message error anymore.

While it may get rid of the problem showing up in the the messages, it still doesn't address whatever this issue is. I would have figured that someone would have a much better answer by now - especially since its related to Enterprise Security :-(.

Yes, this is just a workaround. However, ‘msg="A script exited abnormally" input="$SPLUNK_HOME/etc/apps/splunk_instrumentation/bin/instrumentation.py" stanza="default" status="exited with code 114"’, does not indicate an actual issue. If that's what you are receiving, suppressing the message should be fine for now. From the Enterprise Security fixed issues page (SOLNESS-15251), http://docs.splunk.com/Documentation/ES/5.1.0/RN/FixedIssues, “Exit code 114 is normal for instrumentation.py and should be whitelisted”. If you are receiving a different exit code, you might have a bigger problem.

I'm also getting this error, and have disabled the scripted input in inputs.conf....still getting error.

I have the same probleme,I verified the input.conf ... and still getting same message error, did you find any solution?Thanks