Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I receiving ModuleNotFoundError with custom module?

newrose
Explorer
‎05-17-2023 12:32 PM

I'm trying to use a Python script with a custom module for a external lookup on Splunk. When running

/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/search/bin/gib_detect.py

to test the script I get the following error:

 

Traceback (most recent call last):
File "/opt/splunk/etc/apps/search/bin/gib_detect.py", line 18, in <module>
import gib_detect_train
ModuleNotFoundError: No module named 'gib_detect_train'

 


But when running the same script outside Splunk folders with

/opt/splunk/bin/splunk cmd python /home/myuser/gib_detect.py

It works as intended.

What I am doing wrong?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

newrose
Explorer
‎05-17-2023 01:53 PM

That was my bad. The import is actually calling another file, the gib_detect_train.py, and was required inside the bin folder as well.

And I will be following the @richgalloway advice of storing the files in a custom app.

View solution in original post

Reply
Solved! Jump to solution
Solution

newrose
Explorer
‎05-17-2023 01:53 PM

That was my bad. The import is actually calling another file, the gib_detect_train.py, and was required inside the bin folder as well.

And I will be following the @richgalloway advice of storing the files in a custom app.

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2023 01:06 PM

Did you include gib_detect.py in /opt/splunk/etc/apps/search/lib?  It's probably in your home folder, but not in the Splunk folder.

BTW, it's best to create external commands in custom apps rather than in the search app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

newrose
Explorer
‎05-17-2023 01:30 PM

I have this same .py file both in my home directory and inside /opt/splunk/etc/apps/search/bin.

Should I create a lib folder inside the search app to store the .py file? Shouldn't the binaries be stored inside a bin folder?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-17-2023 01:39 PM

Library files can be in <app>/bin/lib or <app>/lib.

I would resist the temptation to change the file structure of a standard app.  Put your external command into a new app.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

newrose
Explorer
‎05-17-2023 01:57 PM

I appreciate your help.

I didn't provide all the detais about the script, and actually was missing another file inside the bin folder.

I'll be using a custom app to keep the search app folder clean.

0 Karma
Reply
Get Updates on the Splunk Community!

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...
Top