ImportError: No module named splunklib.searchcomma...

bugnet · ‎05-05-2019

Hi all,

I'm working with app "misp42splunk" which can be used to extract information from the MISP instance.

The next command return error:

Here is the job inspector log:

05-05-2019 10:12:32.637 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': Traceback (most recent call last):
05-05-2019 10:12:32.637 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': File "/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py", line 19, in
05-05-2019 10:12:32.637 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': from splunklib.searchcommands import dispatch, ReportingCommand, Configuration, Option, validators
05-05-2019 10:12:32.637 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': ImportError: No module named splunklib.searchcommands
05-05-2019 10:12:32.664 ERROR script - Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.664 INFO SearchParser - PARSING: |mispgetioc misp_instance=default_misp eventid=11398
05-05-2019 10:12:32.664 INFO script - found script file=/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py
05-05-2019 10:12:32.664 INFO script - stderr for script mispgetioc will be added to search.log
05-05-2019 10:12:32.717 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': Traceback (most recent call last):
05-05-2019 10:12:32.717 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': File "/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py", line 19, in
05-05-2019 10:12:32.717 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': from splunklib.searchcommands import dispatch, ReportingCommand, Configuration, Option, validators
05-05-2019 10:12:32.717 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': ImportError: No module named splunklib.searchcommands
05-05-2019 10:12:32.722 ERROR script - Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.722 INFO SearchPhaseGenerator - Failed to create phases using AST:Error in 'script': Getinfo probe failed for external search command 'mispgetioc'.. Falling back to 2 phase mode.
05-05-2019 10:12:32.722 INFO SearchParser - PARSING: |mispgetioc misp_instance=default_misp eventid=11398
05-05-2019 10:12:32.722 INFO script - found script file=/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py
05-05-2019 10:12:32.722 INFO script - stderr for script mispgetioc will be added to search.log
05-05-2019 10:12:32.773 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': Traceback (most recent call last):
05-05-2019 10:12:32.773 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': File "/opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py", line 19, in
05-05-2019 10:12:32.773 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': from splunklib.searchcommands import dispatch, ReportingCommand, Configuration, Option, validators
05-05-2019 10:12:32.773 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/misp42splunk/bin/mispgetioc.py GETINFO misp_instance=default_misp eventid=11398': ImportError: No module named splunklib.searchcommands
05-05-2019 10:12:32.778 ERROR script - Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.778 ERROR SearchPhaseGenerator - Fallback to two phase search failed:Error in 'script': Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.778 ERROR SearchOrchestrator - Error in 'script': Getinfo probe failed for external search command 'mispgetioc'.
05-05-2019 10:12:32.778 INFO SearchStatusEnforcer - Enforcing disk quota = 10485760000
05-05-2019 10:12:32.779 INFO DispatchStorageManager - Remote storage disabled for search artifacts.
05-05-2019 10:12:32.779 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='1557051152.24', username='admin')
05-05-2019 10:12:32.780 INFO UserManager - Unwound user context: admin -> NULL
05-05-2019 10:12:32.780 INFO UserManager - Unwound user context: admin -> NULL
05-05-2019 10:12:32.781 ERROR dispatchRunner - RunDispatch::runDispatchThread threw error: Error in 'script': Getinfo probe failed for external search command 'mispgetioc'.

ImportError: No module named splunklib.searchcommands

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

Join the Conversation