Splunk Dev

Why does slim validate complain about undefined setting python.version even though it is valid?

citruz
Engager

Hi,

I am trying to use the slim utility for validating and packaging my app. When running slim validate, it complains about undefined setting python.version in alert_actions.conf even though it is clearly documented:

https://docs.splunk.com/Documentation/Splunk/8.1.2/Admin/Alertactionsconf

Did I miss something?

 

slim validate: Validating app at "<My App name>"...
slim validate: [WARNING] /path/to/<My App name>/default/alert_actions.conf, line 2: Undefined setting in stanza [default]: python.version

 

 

Labels (3)
Tags (1)
0 Karma

thehappydinoa
Engager

I am still experiencing this same issue, does anyone have any ideas for this? I think we may be able to do something with in the `README/input.conf.spec`? But any guidance would be much appreciated

Tags (3)
0 Karma

mcmaster
Communicator

Hey there!

There's no official solution right now, probably the best course of action for now is to follow the recommendation of updating the spec files within the slim installation path. This is a currently known issue but there's no ETA on a fix.

Hope this helps.

0 Karma

thehappydinoa
Engager

Hey, I was actually able to fix it by adding the following lines to the `Splunk_TA_my_addon/README/input.conf.spec`. Then I stopped getting that warning from slim.

```

[my_input://<name>]
# ... my other values
start_by_shell = <bool>
python.version = <string>
interval = <integer>

```

 

malvidin
Communicator

No, you didn't miss anything.

The splunk-packaging-toolkit (slim), splunk-appinspect, and the Splunk Python SDK are not perfectly aligned yet.

If you want slim to work better, you could update the files in ./venv/Lib/site-packages/slim/config/conf-specs/*.conf.spec to what you find in your target Splunk version's config files. If you don't have a Splunk installation, replace commands.conf.spec and others with a current version from Splunk docs (https://docs.splunk.com/Documentation/Splunk/Latest/Admin/Commandsconf#commands.conf.spec). 

Some of the other issues I've seen:

  • Options must be provided before the command documented slim options may not exist (e.g. --quiet)
  • Python SDK doesn't pass splunk-appinspect 
  • splunk-appinspect and slim raise conflicting errors
  • no slim option to set the location of inspect.yml
  • no option to return a non-zero code if any validations fail in splunk-appinspect or slim 

I'd recommend packaging the app with slim and using splunk-appinspect  to validate, rather than using the validation in slim.

citruz
Engager

Just to add to the list of issues:

Slim and AppInspect cannot even be installed in the same venv because the former depends on future>=0.18.2 while the latter depends on future==0.17.1

 

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...