Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Getting error after upgrading Splunk Add-on for AWS on v 8.0.3.

net1993
Path Finder
‎09-17-2020 04:10 AM

After the upgrade of Splunk Add-on for AWS, there is an error message appearing in the right corner in Splunk:

Unable to initialize modular input "splunk_ta_aws_sqs" defined in the app "Splunk_TA_aws": Introspecting scheme=splunk_ta_aws_sqs: script running failed (exited with code 1)

I have disabled all inputs from default and local, even deleted inputs.conf without help.

The error is occurring only on the Search Head but I don't have data collection because data collection is occurring on a Heavy Forwarder.

Splunk is v 8.0.3 and the app is the latest version.

In the log, I see there is a script which is failing which seems like it could be an issue with python script but I don't understand why as all inputs from the add-on are disabled/removed and SH has been restarted.

Labels (5)
Tags (1)
Reply

vikramyadav
Contributor
‎09-25-2020 05:12 PM

Can you check internal log of splunk and provide some more details about error. And also can you mention form which python script you are getting error.

Reply

jbrinkman
Explorer
‎11-24-2020 02:49 PM
@vikramyadav wrote:

Can you check internal log of splunk and provide some more details about error. And also can you mention form which python script you are getting error.

Had similar issue. For whatever reason ours would only throw on the SHC members. I would go into the README directory in the app and comment out the entirety of the inputs.conf.spec. Once that was performed all alerting on stopped.

 

0000 INFO SpecFiles - Found external scheme definition for stanza="splunk_ta_aws_sqs://" from spec file="/opt/splunk/etc/apps/Splunk_TA_aws/README/inputs.conf.spec" with parameters="placeholder"

0000 ERROR ModularInputs - No script to handle scheme "splunk_ta_aws_sqs" was found. This modular input will be disabled.

0000 ERROR ModularInputs - Unable to initialize modular input "splunk_ta_aws_sqs" defined inside the app "Splunk_TA_aws": Unable to locate suitable script for introspection.

These would also fire on standalone search heads but only at startup. With the SHC members it was continuous every few minutes. Commenting out the inputs.conf.spec stopped the issue. Since the TA for the search head wasn't there to ingest data we had no concerns commenting it out.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...