Building for the Splunk Platform

Install pyOpenSSL and boto3 for a single app? Drag and drop doesn't work because of missing dependencies.

Path Finder

To this point in time, every time we needed to make a python module available to a single app in Splunk, we would drag and drop the python modules into $SPLUNK_HOME/etc/apps/APP_NAME/bin/MODULE . This has worked until we needed the pyOpenSSL and boto3 libraries which have lots of cryptography and single script dependencies that don't come over correctly.

What I've tried:

1| python3 -m venv $SPLUNK_HOME/etc/apps/APP_NAME/
2| python3 -m pip install (pyOpenSSL, boxsdk, pyJWT, boto3) < base dependencies
3| move $SPLUNK_HOME/etc/apps/APP_NAME/lib/python3.7/site-packages/ > $/SPLUNK_HOME/etc/apps/APP_NAME/bin
4| Put all my app scripts in $/SPLUNK_HOME/etc/apps/APP_NAME/bin alongside all the modules I just installed to that folder using venv
5| Start Splunk
6| search | search_command arg=0

At this point, Splunk tells me that the enum34, ipaddress, chainmap, cryptography (_constant_time module buried in here somewhere doesn't exist where it should) modules don't exist.

I then shut down Splunk, redid steps 1-6 but also installing all those missing modules on step 2. The error I'm getting now is this:
External search command 'boxfiles' returned error code 1. First 1000 (of 1456) bytes of script output: "No module named constant_time ERROR "Error 'No module named _constant_time'. Traceback (most recent call last): File ""/Applications/Splunk/etc/apps/TA-box-connector/bin/box_connector/"", line 3, in from box_connector import BoxConnector File ""/Applications/Splunk/etc/apps/TA-box-connector/bin/box_connector/"", line 10, in from OpenSSL import crypto File ""/Applications/Splunk/etc/apps/TA-box-connector/bin/OpenSSL/"", line 8, in from OpenSSL import crypto, SSL File ""/Applications/Splunk/etc/apps/TA-box-connector/bin/OpenSSL/"", line 12, in from cryptography import x509 File ""/Applications/Splunk/etc/apps/TA-box-connector/bin/cryptography/x509/"", line 8, in from cryptography.x509.base import ( File ""/Applications/Splunk/etc/apps/TA-box-connector/bin/cryptography/x509/"", line 18, in from cryptography.x509.extensions import Exte".

I'd like to solve this error, but I've been working through this dependency issue for some time now, so if there's a better solution to getting these packages on here, I would love to hear about it.

Labels (3)
0 Karma


This is an issue for our app as well, I see that Splunk has pyOpenSSL documented in the 7.2 toolkit, but easily extending an app to use this module or incorporating it on the app lib folder has proven difficult

0 Karma
Get Updates on the Splunk Community!

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out &gt;&gt; &#x1f3c6; Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...