Splunk: EEMC CEPA Modular Input Script add on – issues when upgrading to 8.2

When we upgraded to Splunk 8.2, this module is no longer working.

Why ?

Splunk 8.2 use python3 by default. This add-on is not compatible with python3 .

How did we fix it?

Logs ? it’s surprising that we don’t see any error in the log. After some research we found that:

Splunk allows us to choose the python version by using the option python.version = python2

In our case we edit this file /opt/splunk/etc/apps/[our_emc_app_name]/default/inputs.conf as below

[default]

[cepa]

index = emc
sourcetype = CEPA
python.version=python2

Restart splunk will fix the issue.

Note: Don’t change the python version at server.conf , if you change the version at server.conf , that version will apply to the whole system, we can’t not override it at application level.


Note: Don’t change the python version at server.conf , if you change the version at server.conf , that version will apply to the whole system, we can’t not override it at application level.

Leave a Reply

Your email address will not be published. Required fields are marked *