Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk custom script with python and pip library | Integrity check of installed files failed

GaetanVP
Contributor
‎12-13-2022 07:03 AM

Hello Splunkers,

I recently created a custom alerts on my Search Head, and for this alert to run I needed to install a Pip library (here HttpNtlmAuth).

I used this command : 

/opt/splunk/bin/python3.7 -m pip install <my_package>

Afterwards my script & alert just ran correctly but the health check "Integrity check of installed files" failed because of this install (Splunk is complaining that my python bin and lib have changed, some other are missing).

I have read that I can install manually the Python package, but I would have the same integrity check problems right ?

Thanks for your answers,
GaetanVP

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-14-2022 05:37 AM

Just like one can upgrade Splunk without losing any configurations, one can re-install the same version without losing any configurations.  Backup $SPLUNK_HOME/etc to be safe.

You also can restore the individual files you overwrote by extracting them from the Splunk tarball.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-13-2022 09:38 AM

You're getting the integrity check messages because you altered the files that came with Splunk.  The fix is to re-install Splunk so you have the original file set.

Avoid the problem by putting the HttpNtimAuth library (and any others you need that do not come with Splunk) in the lib directory of your custom app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

GaetanVP
Contributor
‎12-14-2022 04:23 AM

Thanks for your answer @richgalloway, I will try that !
About the re-install Splunk, I would definitely lose some configuration / files and so on... right ? No way to fixed the issue within s Splunk tool / cli ?

Thanks.
GaetanVP

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-14-2022 05:37 AM

Just like one can upgrade Splunk without losing any configurations, one can re-install the same version without losing any configurations.  Backup $SPLUNK_HOME/etc to be safe.

You also can restore the individual files you overwrote by extracting them from the Splunk tarball.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...