You may want to check out the answer I posted here: http://answers.splunk.com/answers/105193/cisco-ips-error-errno-8/135759. It is possible to override the SSL selection in the Python code. ... View more

Based on your envvars, you are trying to run on a Universal Forwarder (UF). You need to run on a Lightweight Forwarder (LWF) or Heavy Forwarder (HF), or else add the Splunk python SDK libraries to the system python on the machine where the UF is running. (The SDK is available here.) The main difference between a UF and a LWF is that the UF does not come with a Splunk python implementation (and the attendant Splunk python libraries), which is the difference you're seeing. It relies on the system python, but the system python doesn't have the Splunk libraries needed. It's certainly possible to make it run on a UF, simply by either: Installing the Splunk python SDK into the system python on the UF machine. Putting the Splunk python SDK libraries into the app Really the right solution would be for the app developer to simply include the Splunk python SDK libraries into the app itself so it comes with everything needed to run on a plain system python. This is fundamentally simple, it's simply a matter of sticking the SDK "splunk" folder into the "bin" directory where the main script that needs it is located. ... View more

You may want to check out my answer here: http://answers.splunk.com/answers/105193/cisco-ips-error-errno-8/135759. I posted some code that may solve this issue for you. ... View more