Monitoring Splunk
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Quarantine files framework - Unexpected error during execution

pellegrini
Path Finder
‎06-07-2024 02:16 AM

Following two error repeats every minute in splunkd.log on Splunk Enterprise

What is causing this?

 

06-07-2024 10:45:00.314 +0200 ERROR ExecProcessor [2519201 ExecProcessorSchedulerThread] - message from "/data/splunk/bin/python3.7 /data/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Unexpected error during execution: Expecting value: line 1 column 1 (char 0)

06-07-2024 10:45:00.314 +0200 ERROR ExecProcessor [2519201 ExecProcessorSchedulerThread] - message from "/data/splunk/bin/python3.7 /data/splunk/etc/apps/search/bin/quarantine_files.py" Quarantine files framework - Setting enable_jQuery2 - Unexpected error during execution: Expecting value: line 1 column 1 (char 0)

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

pellegrini
Path Finder
‎06-07-2024 06:18 AM

In this case a full file systems caused this file below to be empty, even after splunkd restart, it was still empty.. That was the cause of this error:

[splunk@hf001 ~]$ ll /opt/splunk/quarantined_files/
total 8
-rwxr-x--- 1 splunk splunk   0 Jun  7 14:18 quarantine_manifest.json
-rwxr-x--- 1 splunk splunk 208 Mar 16  2023 README.md

Adding Enterprise default config to the file solved the issue:

[splunk@hf001 ~]$ cat /opt/splunk/quarantined_files/quarantine_manifest.json
{"enable_jQuery2": "not-restricted", "enable_unsupported_hotlinked_imports": "not-restricted"}

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

pellegrini
Path Finder
‎06-07-2024 06:18 AM

In this case a full file systems caused this file below to be empty, even after splunkd restart, it was still empty.. That was the cause of this error:

[splunk@hf001 ~]$ ll /opt/splunk/quarantined_files/
total 8
-rwxr-x--- 1 splunk splunk   0 Jun  7 14:18 quarantine_manifest.json
-rwxr-x--- 1 splunk splunk 208 Mar 16  2023 README.md

Adding Enterprise default config to the file solved the issue:

[splunk@hf001 ~]$ cat /opt/splunk/quarantined_files/quarantine_manifest.json
{"enable_jQuery2": "not-restricted", "enable_unsupported_hotlinked_imports": "not-restricted"}
0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top