All Apps and Add-ons

ImportError: No module named splunk.Intersplunk - In ThreatConnect App.

sathiyasun
Explorer

When I try to run the python script have been getting the below error. Please advice. Also, trying to configure the threatconnect app but not luck if you have any steps please share that one as well. Thanks.

[spladmin@Splunklab bin]$ ./tc_report.py
Traceback (most recent call last):
  File "./tc_report.py", line 11, in 
    import splunk.Intersplunk
ImportError: No module named splunk.Intersplunk

[root@Splunklab ~]# whereis python
python: /usr/bin/python /usr/bin/python2.7 /usr/lib/python2.7 /usr/lib64/python2.7 /etc/python /usr/include/python2.7 /usr/share/man/man1/python.1.gz

[root@Splunklab ~]# yum list python
Loaded plugins: enabled_repos_upload, package_upload, product-id, search-disabled-repos, subscription-manager
Installed Packages
python.x86_64                                                                            2.7.5-68.el7                                                                             @rhel-7-server-rpms
Uploading Enabled Repositories Report
Loaded plugins: product-id, subscription-manager
0 Karma

acharlieh
Influencer

I have not dealt with the ThreatConnect app, but their User Guide including setup instructions is available through their site: https://kb.threatconnect.com/customer/portal/articles/2146321--threatconnect-app-for-splunk-enterpri...

I suspect that the python script in question designed to be launched by Splunk / using the built in python that is shipped with Splunk, and is not supposed to be launched using your system python installation. I reach that conclusion through two older answers posts:

First this answer discussing how launching a script directly from the command line is not the same as launching it through Splunk : https://answers.splunk.com/answering/417389/view.html

And then this answer about invoking the python interpreter through Splunk to find out about splunk.Intersplunk from a Splunk installation: https://answers.splunk.com/answering/7910/view.html

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...