Error after Enterprise Security Upgrade to 4.1.2

jwelch_splunk · ‎10-03-2016

Unable to initialize modular input "app_imports_update" defined inside the app "SA-Utils": Introspecting scheme=app_imports_update: script running failed (exited with code 1).

svakkalanka_spl · ‎10-07-2016

This should now be fixed in 4.1.3

jwelch_splunk · ‎10-03-2016

This is being fixed, however the current work around it below:

File to change:
/opt/splunk/etc/apps/SA-Utils/bin/app_imports_update.py
Line to change 56 remove one space def should line up with @ on Line 55

BEFORE
     52     REQUIRED_VERSION_CLOUD = "6.4.0"
     53     DEFAULT_GETARGS = {'output_mode': 'json', 'count': 0}
     54 
     55     @staticmethod
     56      def getApps(session_key): 
     57         """Get a list of enabled apps on the system."""
     58 

AFTER
     52     REQUIRED_VERSION_CLOUD = "6.4.0"
     53     DEFAULT_GETARGS = {'output_mode': 'json', 'count': 0}
     54 
     55     @staticmethod
     56     def getApps(session_key):
     57         """Get a list of enabled apps on the system."""
     58

cd to /opt/splunk/bin
run the following command to verify you see results:
./splunk cmd splunkd print-modinput-config app_imports_update app_imports_update://update_es
Should see xml returned with the mod input config

Error after Enterprise Security Upgrade to 4.1.2

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

Are you a member of the Splunk Community?

Error after Enterprise Security Upgrade to 4.1.2

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes