I was trying to configure mklivestatus to work with Splunk For Nagios and discovered what I think is some kind of odd behaviour with the splunk.Intersplunk.getOrganizedResults( ) method.
I have mklivestatus working on the Nagios server and can see the data when using unixcat, I can also get data when using netcat on both the Nagios server and the Splunk server, I can also see the data if I write a simple Python script that grabs data from the mklivestatus instance (running via xinetd) with no problems.
However when trying to run any of the "live*.py" files within SplunkForNagios/bin they never are successful, and yes I have configured them to use the correct IP and port that mklivestatus is on.
I am also making sure to run the scripts with $SPLUNK_HOME/bin/python rather than the system Python binary.
After some digging I found that it is actually the call to splunk.Intersplunk.getOrganizedResults() that seems to cause the issue, it never returns a value.
It appears to be an issue with the while True loop within the Intersplunk module and method readResults( ).
Not quite sure exactly what is wrong, I've noticed the Python version that ships with Splunk does not have readline compiled in and yet the first line within the while loop calls input_buf.readline() , not quite sure how that is going to work without readline compiled in, but I also tried using a Python version with readline (copying the splunk modules out to it for testing) but this didn't help either.
Any ideas?
... View more