Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I receiving ModuleNotFoundError with custom module?

newrose
Explorer
‎05-17-2023 12:32 PM

I'm trying to use a Python script with a custom module for a external lookup on Splunk. When running

/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/search/bin/gib_detect.py

to test the script I get the following error:

 

Traceback (most recent call last):
File "/opt/splunk/etc/apps/search/bin/gib_detect.py", line 18, in <module>
import gib_detect_train
ModuleNotFoundError: No module named 'gib_detect_train'

 


But when running the same script outside Splunk folders with

/opt/splunk/bin/splunk cmd python /home/myuser/gib_detect.py

It works as intended.

What I am doing wrong?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

newrose
Explorer
‎05-17-2023 01:53 PM

That was my bad. The import is actually calling another file, the gib_detect_train.py, and was required inside the bin folder as well.

And I will be following the @richgalloway advice of storing the files in a custom app.

View solution in original post

Reply
Solved! Jump to solution
Solution

newrose
Explorer
‎05-17-2023 01:53 PM

That was my bad. The import is actually calling another file, the gib_detect_train.py, and was required inside the bin folder as well.

And I will be following the @richgalloway advice of storing the files in a custom app.

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2023 01:06 PM

Did you include gib_detect.py in /opt/splunk/etc/apps/search/lib?  It's probably in your home folder, but not in the Splunk folder.

BTW, it's best to create external commands in custom apps rather than in the search app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

newrose
Explorer
‎05-17-2023 01:30 PM

I have this same .py file both in my home directory and inside /opt/splunk/etc/apps/search/bin.

Should I create a lib folder inside the search app to store the .py file? Shouldn't the binaries be stored inside a bin folder?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2023 01:39 PM

Library files can be in <app>/bin/lib or <app>/lib.

I would resist the temptation to change the file structure of a standard app.  Put your external command into a new app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

newrose
Explorer
‎05-17-2023 01:57 PM

I appreciate your help.

I didn't provide all the detais about the script, and actually was missing another file inside the bin folder.

I'll be using a custom app to keep the search app folder clean.

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...