Splunk Enterprise Security

Splunk 8 python 2.7 for an app

cfcvendorsuppor
Explorer

Hello,

I'm trying to force an app to use python 2.7 on a Splunk 8 with enterprise security.

The config in server.conf is set to:
python.version = python3

With this setting my app doesn't work anymore, if I change the server.conf to: python.version = python2, it works.

But I would like to keep python3 in server.conf and force the app to use python2, I tried to add the following in the app.conf but it doesn't work:
[install]
python.version = python2

Anyone knows how to force the app to use python 2 ?

Thank you !

1 Solution

cfcvendorsuppor
Explorer

My problem is fixed, I did set "python.version = python2" in every .conf file of our app, not sure which one did the trick but I works. I was able to set back the main config to python3.

View solution in original post

gdaly_splunk
Splunk Employee
Splunk Employee

I just had to fix/re-configure for this very issue: 

There are TWO methods to successfully control the python version in Splunk 8.x.

Global (all apps by default will use this setting):
/system/local/server.conf -

[general]
python.version = python2

Note:  Your options are 

python.version = {default|python|python2|python3}


App-specific: 
 /{some app i.e. eventgen}/local/app.conf

[install]
python.version = python2

Two hints:
1)   Be very careful to place the python.version statement in the correct stanza given the .conf file (see docs for more info) 
2)   I highly recommend using the app-specific method as the global method will almost certainly cause issues with new Splunk apps (including your own) which require py3.

I hope this is helpful.
Gregg -- TMM:  Platforms, IoT, and Verticals

cfcvendorsuppor
Explorer

My problem is fixed, I did set "python.version = python2" in every .conf file of our app, not sure which one did the trick but I works. I was able to set back the main config to python3.

matthewpearce
Explorer

Actually, I found that I just needed to change my inputs.conf to force my scripted inputs to run on python 2. This worked fine when I added python.version = python2


[script://$SPLUNK_HOME/etc/apps/myapp/bin/my_app_collect_cloud.py]
python.version = python2
disabled = False
index = myindex

I needed to do this, since upgrading from 8.0.6 to 8.2.2 as the apps were forced to use python3 on scripted inputs

0 Karma

chasiubaobao
Engager

Had a similar issue with a TA-user-agents app. Fixed by adding python.version = python2 to the following file.

x:\Splunk\etc\apps\TA-user-agents\default\transforms.conf

 

 

0 Karma

rfetters
Engager

In the app conf files where you put python.version = python2, which stanzas did you use? I can't seem to get this to work for the REST API modular input. We would like to set it to python3 in server.conf, but since nothing is working in this add-on app, we are using the default settings of python2.

0 Karma

lkutch_splunk
Splunk Employee
Splunk Employee

Depending on the app version, it might not be advisable to change it. Just as an example:
https://docs.splunk.com/Documentation/Splunk/latest/Python3Migration/ES#Splunk_Enterprise_Security_v...

0 Karma

cfcvendorsuppor
Explorer

Thank you for the info, I didn't see this. ES seem to be working fine even with the python2 flag in the server.conf, I see various files in the SplunkEnterpriseSecuritySuite app with the python3 flag, so I suppose this correctly overwrite the server.conf setting. I will try to set the phython 2 flag for my app in other conf file as well to see if it help and if I cant set the main config to python3.

0 Karma

julianniemeyer
New Member

As I just posted in a thread that has yet to be approved, I have the reverse issue and I used a shell script to invoke Python 3:

/data/splunk/bin/python3.7m  /data/splunk/etc/apps/myprog/bin/myprog.py

Maybe that technique would address your issue?

0 Karma

cfcvendorsuppor
Explorer

Thank for your answer, yes it could help. Where did you set this ? Somewhere within the app ?

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...