Error after Enterprise Security Upgrade to 4.1.2

jwelch_splunk · ‎10-03-2016

Unable to initialize modular input "app_imports_update" defined inside the app "SA-Utils": Introspecting scheme=app_imports_update: script running failed (exited with code 1).

svakkalanka_spl · ‎10-07-2016

This should now be fixed in 4.1.3

jwelch_splunk · ‎10-03-2016

This is being fixed, however the current work around it below:

File to change:
/opt/splunk/etc/apps/SA-Utils/bin/app_imports_update.py
Line to change 56 remove one space def should line up with @ on Line 55

BEFORE
     52     REQUIRED_VERSION_CLOUD = "6.4.0"
     53     DEFAULT_GETARGS = {'output_mode': 'json', 'count': 0}
     54 
     55     @staticmethod
     56      def getApps(session_key): 
     57         """Get a list of enabled apps on the system."""
     58 

AFTER
     52     REQUIRED_VERSION_CLOUD = "6.4.0"
     53     DEFAULT_GETARGS = {'output_mode': 'json', 'count': 0}
     54 
     55     @staticmethod
     56     def getApps(session_key):
     57         """Get a list of enabled apps on the system."""
     58

cd to /opt/splunk/bin
run the following command to verify you see results:
./splunk cmd splunkd print-modinput-config app_imports_update app_imports_update://update_es
Should see xml returned with the mod input config

Error after Enterprise Security Upgrade to 4.1.2

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

Error after Enterprise Security Upgrade to 4.1.2

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey