Skip to content

Troubleshooting

General troubleshooting

To be able to troubleshoot the Python part of the add-on, you can use remote_pdb. This can be used for the local development when you have locally installed the Splunk instance and add-on there.

Steps to set up:

  • Put this file in the bin folder
  • Put this line, (import remote_pdb; remote_pdb.RemotePdb(host="0.0.0.0", port=4444).set_trace()), before the line that needs troubleshooting.
  • Go to the console and run telnet 127.0.0.1 4444. It will open a pdb console, where you can start troubleshooting. Refer to the pdb documentation for the available commands.

Splunk calls your modular input only once

If Splunk calls your modular input only once, however, you are specifying an interval within, it should call your script. Check the use_single_instance variable in the get_scheme method of your modular input class. It should be set to False so that Splunk can schedule the input accordingly.

Search for “index=_internal ExecProcessor” and look for “interval: run once” near your script name in order to understand that Splunk does not schedule your modular input script.

ModuleNotFoundError: No module named ‘<library-name>‘

If you see this message in Splunk when your modular input is being run, it means that Splunk could not find a library that you are trying to import.

It can be because:

  • there is no such library in the package/lib folder. Check your package/lib/requirements.txt file to make sure that you have it as part of the requirements.
  • there is no import import_declare_test at the top of your modular input file. Add the mentioned import to the top of your modular input file.

urllib3 >= 2

If you are getting an error (in splunkd.log)

ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with OpenSSL 1.0.2k-fips  26 Jan 2017.
See: https://github.com/urllib3/urllib3/issues/2168

when your modular input is running, you need to use urllib3 < 2 in your requirements.txt file.

Compare add-ons generated by 2 different versions of the ucc-gen build

scripts folder has a script, compare_different_ucc_versions_output.sh, which can be used to compare the output of the add-on built by two different versions of the ucc-gen build command.

To run it, copy the script to the add-on folder, and then read the instructions in the script itself. If it does not work for your particular case, feel free to adjust it yourself, or file a feature request for us to improve something.