Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I receiving ModuleNotFoundError with custom module?

newrose
Explorer
‎05-17-2023 12:32 PM

I'm trying to use a Python script with a custom module for a external lookup on Splunk. When running

/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/search/bin/gib_detect.py

to test the script I get the following error:

 

Traceback (most recent call last):
File "/opt/splunk/etc/apps/search/bin/gib_detect.py", line 18, in <module>
import gib_detect_train
ModuleNotFoundError: No module named 'gib_detect_train'

 


But when running the same script outside Splunk folders with

/opt/splunk/bin/splunk cmd python /home/myuser/gib_detect.py

It works as intended.

What I am doing wrong?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

newrose
Explorer
‎05-17-2023 01:53 PM

That was my bad. The import is actually calling another file, the gib_detect_train.py, and was required inside the bin folder as well.

And I will be following the @richgalloway advice of storing the files in a custom app.

View solution in original post

Reply
Solved! Jump to solution
Solution

newrose
Explorer
‎05-17-2023 01:53 PM

That was my bad. The import is actually calling another file, the gib_detect_train.py, and was required inside the bin folder as well.

And I will be following the @richgalloway advice of storing the files in a custom app.

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2023 01:06 PM

Did you include gib_detect.py in /opt/splunk/etc/apps/search/lib?  It's probably in your home folder, but not in the Splunk folder.

BTW, it's best to create external commands in custom apps rather than in the search app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

newrose
Explorer
‎05-17-2023 01:30 PM

I have this same .py file both in my home directory and inside /opt/splunk/etc/apps/search/bin.

Should I create a lib folder inside the search app to store the .py file? Shouldn't the binaries be stored inside a bin folder?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2023 01:39 PM

Library files can be in <app>/bin/lib or <app>/lib.

I would resist the temptation to change the file structure of a standard app.  Put your external command into a new app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

newrose
Explorer
‎05-17-2023 01:57 PM

I appreciate your help.

I didn't provide all the detais about the script, and actually was missing another file inside the bin folder.

I'll be using a custom app to keep the search app folder clean.

0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...