- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: elasticsplunk convert to python3
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello.
Up to Splunk 7 version, it was python2, so I was using the app below to search elasticsearch.
https://github.com/brunotm/elasticsplunk
As I upgraded the Splunk version to 8 and started using python3, the app could not run.
So, I ask if there is a way to use this app.
* How to use it in python3? (If the conversion is successful and is in use, can you share it?)
* Is there an app that can replace it? (I'm not going to use the Elasticsearch Data Integrator - Modular Input app.)
* If there is an app you are using with splunk 8 (python3), please recommend it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solved it!
I added the path and file below.
$SPLUNK_HOME/etc/apps/{application_name}/local/server.conf
[general]
python.version = python2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Temporarily solved it with the method below.
$SPLUNK_HOME/etc/system/local/server.conf
[general]
python.version = python2
Since the above method runs in python2 for all apps, I think it will cause problems in the future.
Is there a way to run only a specific app with python2?
Entering the settings below doesn't work in python2.
$SPLUNK_HOME/etc/apps/{application_name}/local/app.conf
[install]
python.version = python2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I solved it!
I added the path and file below.
$SPLUNK_HOME/etc/apps/{application_name}/local/server.conf
[general]
python.version = python2
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I have noticed that the Elasticsplunk app no longer exists https://splunkbase.splunk.com/app/3493 I do not know if you know what the reason is or if it was updated by another APP I would appreciate if you could inform me.
At this moment I need to use that APP or the one that allows me to use the query with the "ess" command.
If possible it would help me a lot which are the configuration files that I have to modify both on splunk and Elasticsearch side.
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
