All Apps and Add-ons

Splunk Apps throwing Invalid key python3 warnings

nareshinsvu
Builder

My current splunk env is on 7.2.x. As part of Splunk 8.x upgrade, I am trying to upgrade below apps to dual compatible versions (for both 7.2.x and 8.x) first

 

  • Splunk Supporting Add-on for Active Directory - to version 3.0.1
  • Splunk App for Unix - to version 6.0.0

 

Though it is mentioned as both are compatible with 7.2.x to 8.2.x, I am getting below warnings in my Deployer. Can someone confirm if they have recently upgraded with same scenario as me and faced no issues? so that I can ignore the warning and push the apps to search heads.

 

Invalid key in stanza [ldapsearch] in /opt/splunk/etc/apps/SA-ldapsearch/default/commands.conf, line 2: python.version (value: python3).
Invalid key in stanza [ldapfetch] in /opt/splunk/etc/apps/SA-ldapsearch/default/commands.conf, line 11: python.version (value: python3).
Invalid key in stanza [ldapfilter] in /opt/splunk/etc/apps/SA-ldapsearch/default/commands.conf, line 21: python.version (value: python3).
Invalid key in stanza [ldapgroup] in /opt/splunk/etc/apps/SA-ldapsearch/default/commands.conf, line 31: python.version (value: python3).
Invalid key in stanza [ldaptestconnection] in /opt/splunk/etc/apps/SA-ldapsearch/default/commands.conf, line 41: python.version (value: python3).
Invalid key in stanza [script://./bin/update_hosts.py] in /opt/splunk/etc/apps/splunk_app_for_nix/default/inputs.conf, line 2: python.version (value: python3).
Invalid key in stanza [admin_external:unix_conf] in /opt/splunk/etc/apps/splunk_app_for_nix/default/restmap.conf, line 6: python.version (value: python3).
Invalid key in stanza [admin_external:alert_overlay] in /opt/splunk/etc/apps/splunk_app_for_nix/default/restmap.conf, line 12: python.version (value: python3).
Invalid key in stanza [admin_external:sc_headlines] in /opt/splunk/etc/apps/splunk_app_for_nix/default/restmap.conf, line 22: python.version (value: python3).
Invalid key in stanza [admin_external:unix_configured] in /opt/splunk/etc/apps/splunk_app_for_nix/default/restmap.conf, line 32: python.version (value: python3).

 

Labels (1)
0 Karma

gcusello
Esteemed Legend

Hi @nareshinsvu,

As you surely know, Splunk 8.x usues Python 3, but has also a compatibility mode to continue to use Python 2 but for a little time.

So, as described at https://docs.splunk.com/Documentation/Splunk/8.2.5/Installation/Python3LowEffort , you have at first to install the Splunk Python Readiness App to check your Apps (https://splunkbase.splunk.com/app/5483/) .

Then you have to force the Python 3 version adding in $SPLUNK_HOME/etc/system/local/server.conf the following line

python.version=python3

Ciao.

Giuseppe

0 Karma

nareshinsvu
Builder

Thanks for responding @gcusello 

 Below are the steps performed from my end: I am currently on 7.2.x

1) Installed "Splunk Platform Upgrade Readiness App" - https://splunkbase.splunk.com/app/4698/

2) Ran a full scan of apps and got blockers/warnings for the mentioned apps.

3) Scan recommended to upgrade the apps. I picked the dual-compatible version of the app and upgraded the apps

4) Got the python3 messages after a splunk restart. Since I am on 7.2.x, I have commented those warning lines from the conf files. 
python.version=python3

My question is why is it mentioned as dual compatible when python3 is mentioned in those new versions of the app? And what-ever I did is the right thing?

Post apps upgrade, I ran the scan again and the warnings and blockers are still there with a different message this time. And it has given some syntax changes to the py scripts in detail.

"You can ask the app developer to update this app using their contact information on Splunkbase. If the app is unsupported, you can make changes yourself. Learn more"

Is this App a legit and true scanning app - "Splunk Platform Upgrade Readiness App" ?

0 Karma

nareshinsvu
Builder

And I didnt go for Python Upgrade Readiness App because it said - This app can scan Splunk apps installed on Splunk Enterprise version 7.3 and higher ; while im sitting on 7.2.x and didn't want to upgrade my suite to 7.3.x just to use this app

0 Karma

gcusello
Esteemed Legend

Hi @nareshinsvu,

at first, did you see the upgrade path (https://docs.splunk.com/Documentation/Splunk/latest/Installation/HowtoupgradeSplunk#Upgrade_paths_to... ? from 7.2 to 8.2 you have to pass throgh 8.0 or 8.1, the ones with the dual Python compatibility.

Then, where did you locate splunk version? it must be in $SPLUNK_HOME/etc/system/local/server.conf  not in inputs.conf.

Then the Splunk Platform Upgrade Readiness App is compatible with all versione from 7.1, as you can see at (https://docs.splunk.com/Documentation/UpgradeReadiness/latest/Use/About).

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...