All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

DECRYPT version 2.3.0 not working with python 3

gjanders
SplunkTrust
SplunkTrust
‎11-11-2020 10:45 PM

Splunk 8.0.4.1:

11-12-2020 06:29:03.713 INFO  ChunkedExternProcessor - Running process: /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/decrypt/bin/decrypt.py
11-12-2020 06:29:03.770 ERROR ChunkedExternProcessor - stderr: Traceback (most recent call last):
11-12-2020 06:29:03.770 ERROR ChunkedExternProcessor - stderr:   File "/opt/splunk/etc/apps/decrypt/bin/decrypt.py", line 12, in <module>
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:     import decryptlib
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:   File "/opt/splunk/etc/apps/decrypt/bin/decryptlib.py", line 1, in <module>
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr:     import StringIO
11-12-2020 06:29:03.771 ERROR ChunkedExternProcessor - stderr: ModuleNotFoundError: No module named 'StringIO'
11-12-2020 06:29:03.777 ERROR ChunkedExternProcessor - EOF while attempting to read transport header read_size=0
11-12-2020 06:29:03.777 ERROR ChunkedExternProcessor - Error in 'decrypt' command: External search command exited unexpectedly with non-zero error code 1.

The library exists in python2 but not the local python3 install in 8.0.x (which is confusing)

Setting this back to python2 appears to work...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Unicron
Engager
‎01-23-2021 01:56 PM

I realize that this is an old post but I came across this issue as well.  I had a previous version installed and then installed 2.3.0.  $SPLUNK_HOME/etc/apps/decrypt/bin/decryptlib.py was left from the previous version.  Delete this file because the updated version now exists in $SPLUNK_HOME/etc/apps/decrypt/lib.

View solution in original post

Reply
Solved! Jump to solution

teresachila
Path Finder
‎12-16-2021 07:10 AM

Building on @Unicron 's post above, if there is a decryptlib.pyc, delete that as well. That works for us.

0 Karma
Reply
Solved! Jump to solution
Solution

Unicron
Engager
‎01-23-2021 01:56 PM

I realize that this is an old post but I came across this issue as well.  I had a previous version installed and then installed 2.3.0.  $SPLUNK_HOME/etc/apps/decrypt/bin/decryptlib.py was left from the previous version.  Delete this file because the updated version now exists in $SPLUNK_HOME/etc/apps/decrypt/lib.

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...