After the upgrade of Splunk Add-on for AWS, there is an error message appearing in the right corner in Splunk:
Unable to initialize modular input "splunk_ta_aws_sqs" defined in the app "Splunk_TA_aws": Introspecting scheme=splunk_ta_aws_sqs: script running failed (exited with code 1)
I have disabled all inputs from default and local, even deleted inputs.conf without help.
The error is occurring only on the Search Head but I don't have data collection because data collection is occurring on a Heavy Forwarder.
Splunk is v 8.0.3 and the app is the latest version.
In the log, I see there is a script which is failing which seems like it could be an issue with python script but I don't understand why as all inputs from the add-on are disabled/removed and SH has been restarted.
Can you check internal log of splunk and provide some more details about error. And also can you mention form which python script you are getting error.
@vikramyadav wrote:Can you check internal log of splunk and provide some more details about error. And also can you mention form which python script you are getting error.
Had similar issue. For whatever reason ours would only throw on the SHC members. I would go into the README directory in the app and comment out the entirety of the inputs.conf.spec. Once that was performed all alerting on stopped.
0000 INFO SpecFiles - Found external scheme definition for stanza="splunk_ta_aws_sqs://" from spec file="/opt/splunk/etc/apps/Splunk_TA_aws/README/inputs.conf.spec" with parameters="placeholder"
0000 ERROR ModularInputs - No script to handle scheme "splunk_ta_aws_sqs" was found. This modular input will be disabled.
0000 ERROR ModularInputs - Unable to initialize modular input "splunk_ta_aws_sqs" defined inside the app "Splunk_TA_aws": Unable to locate suitable script for introspection.
These would also fire on standalone search heads but only at startup. With the SHC members it was continuous every few minutes. Commenting out the inputs.conf.spec stopped the issue. Since the TA for the search head wasn't there to ingest data we had no concerns commenting it out.