After upgrading from TA-OMS_Inputs from v1.2 to v1.3.3 on, splunk v6.5.4 we are getting the following errors when log retrieval is attempted. The upgrade was achieved by removing the old version and installing the new version. Log retrieval from OMS was successful with v1.2
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" Traceback (most recent call last):
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/modinput_wrapper/base_modinput.py", line 127, in stream_events
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" self.collect_events(ew)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py", line 96, in collect_events
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" input_module.collect_events(self, ew)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/input_module_oms_inputs.py", line 108, in collect_events
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" event = Event()
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" NameError: global name 'Event' is not defined
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py" ERRORglobal name 'Event' is not defined
@jkat54 are you able to advise.
Hi Pete,
I took a quick look at the code for the latest version .
I believe this error message is due to a missing import statement in input_module_oms_inputs.py
The missing import would be:
from splunklib.modularinput import *
which holds definition of the Event class.
Not sure if your tag was taken into account there, so I'll tag the author again so he can have a look and confirm if that is indeed the problem.
@jkat54
Almost looks as if it’s failing to populate a variable called Event. Which makes me think something else is failing.
I have an even newer version of the app in development on my machine so I can’t load the old one to test just yet.
Can you tell me what this search reveals?
index=_internal source=*oms*
Hi Michael,
Here's the anonymized contents of /opt/splunk/var/log/splunk/ta_oms_inputs_oms_inputs.log with debug logging enabled for the add-on
2018-xx-xx xx:28:33,494 INFO pid=36937 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-xx-xx xx:28:35,251 INFO pid=36937 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-xx-xx xx:28:38,184 INFO pid=36937 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-xx-xx xx:28:41,160 INFO pid=36937 tid=MainThread file=splunk_rest_client.py:_request_handler:100 | Use HTTP connection pooling
2018-xx-xx xx:28:41,160 DEBUG pid=36937 tid=MainThread file=binding.py:get:664 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-OMS_Inputs/storage/collections/config/TA_OMS_Inputs_chec... (body: {})
2018-xx-xx xx:28:41,161 INFO pid=36937 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
2018-xx-xx xx:28:41,171 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:387 | "GET /servicesNS/nobody/TA-OMS_Inputs/storage/collections/config/TA_OMS_Inputs_checkpointer HTTP/1.1" 200 5526
2018-xx-xx xx:28:41,172 DEBUG pid=36937 tid=MainThread file=binding.py:new_f:71 | Operation took 0:00:00.011681
2018-xx-xx xx:28:41,172 DEBUG pid=36937 tid=MainThread file=binding.py:get:664 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-OMS_Inputs/storage/collections/config/ (body: {'offset': 0, 'search': 'TA_OMS_Inputs_checkpointer', 'count': -1})
2018-xx-xx xx:28:41,175 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:387 | "GET /servicesNS/nobody/TA-OMS_Inputs/storage/collections/config/?offset=0&search=TA_OMS_Inputs_checkpointer&count=-1 HTTP/1.1" 200 4724
2018-xx-xx xx:28:41,177 DEBUG pid=36937 tid=MainThread file=binding.py:new_f:71 | Operation took 0:00:00.005082
2018-xx-xx xx:28:41,179 DEBUG pid=36937 tid=MainThread file=binding.py:get:664 | GET request to https://127.0.0.1:8089/servicesNS/nobody/TA-OMS_Inputs/storage/collections/data/TA_OMS_Inputs_checkp... (body: {})
2018-xx-xx xx:28:41,181 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:387 | "GET /servicesNS/nobody/TA-OMS_Inputs/storage/collections/data/TA_OMS_Inputs_checkpointer/last_date HTTP/1.1" 404 140
2018-xx-xx xx:28:41,192 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - Authority:Performing instance discovery: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2018-xx-xx xx:28:41,192 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - Authority:Performing static instance discovery
2018-xx-xx xx:28:41,192 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - Authority:Authority validated via static instance discovery
2018-xx-xx xx:28:41,193 INFO pid=36937 tid=MainThread file=log.py:info:103 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - TokenRequest:Getting token with client credentials.
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - TokenRequest:No user_id passed for cache query
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:finding with query: {"_clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Looking for potential cache entries:
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:{"_clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
2018-xx-xx xx:28:41,193 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Found 0 potential entries.
2018-xx-xx xx:28:41,207 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): login.microsoftonline.com
2018-xx-xx xx:28:41,383 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:400 | https://login.microsoftonline.com:443 "POST /xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/token?api-version=1.0 HTTP/1.1" 200 1376
2018-xx-xx xx:28:41,386 INFO pid=36937 tid=MainThread file=log.py:info:103 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Get Token Server returned this correlation_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2018-xx-xx xx:28:41,387 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Adding entry AccessTokenId: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2018-xx-xx xx:28:41,391 DEBUG pid=36937 tid=MainThread file=log.py:debug:108 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - OAuth2Client:Added entry is MRRT
2018-xx-xx xx:28:41,393 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_new_conn:809 | Starting new HTTPS connection (1): management.azure.com
2018-xx-xx xx:28:43,433 DEBUG pid=36937 tid=MainThread file=connectionpool.py:_make_request:400 | https://management.azure.com:443 "POST /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/x-xxx-xx-xxxx-xxx-xx/providers/Microsoft.OperationalInsights/workspaces/xxxxxx-xxx-xxxxx/search?api-version=2017-04-26-preview HTTP/1.1" 200 None
2018-xx-xx xx:28:43,465 DEBUG pid=36937 tid=MainThread file=base_modinput.py:log_debug:286 | OMSInputName="PCEtest" status="200" step="Post Query" search_params="{'start': '2018-xx-xxT00:00:00', 'top': '1000', 'query': 'Type=xxxxxxxxx', 'end': '2018-xx-xxTxx:28:41'}'
2018-xx-xx xx:28:43,619 ERROR pid=36937 tid=MainThread file=base_modinput.py:log_error:307 | Get error when collecting events.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/ta_oms_inputs/modinput_wrapper/base_modinput.py", line 127, in stream_events
self.collect_events(ew)
File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/oms_inputs.py", line 96, in collect_events
input_module.collect_events(self, ew)
File "/opt/splunk/etc/apps/TA-OMS_Inputs/bin/input_module_oms_inputs.py", line 108, in collect_events
event = Event()
NameError: global name 'Event' is not defined
Hi Pete,
I took a quick look at the code for the latest version .
I believe this error message is due to a missing import statement in input_module_oms_inputs.py
The missing import would be:
from splunklib.modularinput import *
which holds definition of the Event class.
Not sure if your tag was taken into account there, so I'll tag the author again so he can have a look and confirm if that is indeed the problem.
@jkat54
Thanks for tagging me
Hi Damien,
Thanks for the reply
Adding the missing import on line 5 of input_module_oms_inputs.py did the trick.
Collection is now successful.
Not sure how this happened. I’m using the add-on builder to package this thing...