Splunk Enterprise Security

Error after Enterprise Security Upgrade to 4.1.2

Splunk Employee
Splunk Employee

Unable to initialize modular input "app_imports_update" defined inside the app "SA-Utils": Introspecting scheme=app_imports_update: script running failed (exited with code 1).

Splunk Employee
Splunk Employee

This should now be fixed in 4.1.3

0 Karma

Splunk Employee
Splunk Employee

This is being fixed, however the current work around it below:

File to change:
/opt/splunk/etc/apps/SA-Utils/bin/app_imports_update.py
Line to change 56 remove one space def should line up with @ on Line 55

BEFORE
     52     REQUIRED_VERSION_CLOUD = "6.4.0"
     53     DEFAULT_GETARGS = {'output_mode': 'json', 'count': 0}
     54 
     55     @staticmethod
     56      def getApps(session_key): 
     57         """Get a list of enabled apps on the system."""
     58 

AFTER
     52     REQUIRED_VERSION_CLOUD = "6.4.0"
     53     DEFAULT_GETARGS = {'output_mode': 'json', 'count': 0}
     54 
     55     @staticmethod
     56     def getApps(session_key):
     57         """Get a list of enabled apps on the system."""
     58 

cd to /opt/splunk/bin
run the following command to verify you see results:
./splunk cmd splunkd print-modinput-config app_imports_update app_imports_update://update_es
Should see xml returned with the mod input config

Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!