Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I receiving ModuleNotFoundError with custom module?

newrose
Explorer
‎05-17-2023 12:32 PM

I'm trying to use a Python script with a custom module for a external lookup on Splunk. When running

/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/search/bin/gib_detect.py

to test the script I get the following error:

 

Traceback (most recent call last):
File "/opt/splunk/etc/apps/search/bin/gib_detect.py", line 18, in <module>
import gib_detect_train
ModuleNotFoundError: No module named 'gib_detect_train'

 


But when running the same script outside Splunk folders with

/opt/splunk/bin/splunk cmd python /home/myuser/gib_detect.py

It works as intended.

What I am doing wrong?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

newrose
Explorer
‎05-17-2023 01:53 PM

That was my bad. The import is actually calling another file, the gib_detect_train.py, and was required inside the bin folder as well.

And I will be following the @richgalloway advice of storing the files in a custom app.

View solution in original post

Reply
Solved! Jump to solution
Solution

newrose
Explorer
‎05-17-2023 01:53 PM

That was my bad. The import is actually calling another file, the gib_detect_train.py, and was required inside the bin folder as well.

And I will be following the @richgalloway advice of storing the files in a custom app.

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2023 01:06 PM

Did you include gib_detect.py in /opt/splunk/etc/apps/search/lib?  It's probably in your home folder, but not in the Splunk folder.

BTW, it's best to create external commands in custom apps rather than in the search app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

newrose
Explorer
‎05-17-2023 01:30 PM

I have this same .py file both in my home directory and inside /opt/splunk/etc/apps/search/bin.

Should I create a lib folder inside the search app to store the .py file? Shouldn't the binaries be stored inside a bin folder?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2023 01:39 PM

Library files can be in <app>/bin/lib or <app>/lib.

I would resist the temptation to change the file structure of a standard app.  Put your external command into a new app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

newrose
Explorer
‎05-17-2023 01:57 PM

I appreciate your help.

I didn't provide all the detais about the script, and actually was missing another file inside the bin folder.

I'll be using a custom app to keep the search app folder clean.

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...