Closed dimarra closed 1 week ago
Fixed this issue by making these changes in modular_input_base_class.py
:
964 # Stop if the host is running SHC and this isn't the captain
965 # if ServerInfo.is_shc_captain(input_config.session_key) == False:
966 # self.logger.debug("The input will be skipped for now since is not the SHC captain")
967
968 # Ok, we are clear to run
969 # else:
970 proceed = True
971 if proceed:
972 # Initialize the document that will be used to output the results
973 self.document = self._create_document()
Running this on a Windows system with Splunk Enterprise running as a Heavy Forwarder. This app fails to generate the file_meta_data events due to failing to start. Failure to start can be traced to the is_shc_captain check where the endpoint
/services/shcluster/status
does not exist2024-09-10 16:14:15,690 ERROR Execution failed Traceback (most recent call last): File "D:\Splunk\etc\apps\file_meta_data\bin\modular_input.zip\modular_input\modular_input_base_class.py", line 1096, in execute self.do_run(in_stream, log_exception_and_continue=True) File "D:\Splunk\etc\apps\file_meta_data\bin\modular_input.zip\modular_input\modular_input_base_class.py", line 965, in do_run if ServerInfo.is_shc_captain(input_config.session_key) == False: File "D:\Splunk\etc\apps\file_meta_data\bin\modular_input.zip\modular_input\shortcuts.py", line 31, in wrapper return function(*args, **kwargs) File "D:\Splunk\etc\apps\file_meta_data\bin\modular_input.zip\modular_input\server_info.py", line 167, in is_shc_captain if not cls.is_on_shc(session_key): File "D:\Splunk\etc\apps\file_meta_data\bin\modular_input.zip\modular_input\shortcuts.py", line 31, in wrapper return function(*args, **kwargs) File "D:\Splunk\etc\apps\file_meta_data\bin\modular_input.zip\modular_input\server_info.py", line 106, in is_on_shc response, _ = simpleRequest('/services/shcluster/status?output_mode=json', sessionKey=session_key) File "D:\Splunk\Python-3.7\lib\site-packages\splunk\rest\__init__.py", line 631, in simpleRequest raise splunk.AuthenticationFailed splunk.AuthenticationFailed: [HTTP 401] Client is not authenticated