microsoft / AzureMonitorAddonForSplunk

A Splunk add-on (aka modular input) that brings Metrics and Diagnostic Logs from various Azure ARM resources and the subscription-wide Activity Log (aka Audit Log) to Splunk Enterprise.

Unable to initialize modular input "azure_monitor_metrics" defined inside the app "TA-Azure_Monitor": Introspecting scheme=azure_monitor_metrics: script running failed (exited with code 1). #73

Closed droodleskins closed 6 years ago

droodleskins commented 6 years ago

Querying the install instructions : Suse env.

Splunk uses python 2.7 so why is there a dependency to install it again ?

Also with node.js

I get :

```
node -v
v6.9.1
```

but then :

```
/etc/apps/TA-Azure_Monitor/bin/app> npm install
If 'npm' is not a typo you can use command-not-found to lookup the package that contains it, like this:
    cnf npm
/etc/apps/TA-Azure_Monitor/bin/app> cnf npm
```

The program 'npm' can be found in following packages:

Try installing with: sudo zypper install

sebastus commented 6 years ago

re: python. Because I didn't want to take a dependency on something that Splunk controls. They could change something that would break the add-on.

re: npm. On most unix systems I have had to install npm. I use the installation instructions at npmjs.org. If you already have it, there's no reason to re-install it.

droodleskins commented 6 years ago

Ok thanks, so I need to install python externally outside splunk?

sebastus commented 6 years ago

The requirement during installation is to run pip. pip can't be installed without python. So installing python outside Splunk is required.


loum3 commented 6 years ago

I have this same error on splunk running on a Windows server. I had to use this syntax on windows to install the python piece:

Python -m pip install adal

vs what is stated here -> https://github.com/Microsoft/AzureMonitorAddonForSplunk/wiki/Installation-on-Windows

I've restarted splunk and the server, and enabled/disabled. I have the other two components functional, just not the monitor.

sebastus commented 6 years ago

@loumandich Sorry, missed this message. When you say "just not the monitor", do you mean you're not getting metrics?

loum3 commented 6 years ago

Hi @sebastus This is a picture of the error during start up/restart.

[image: splunkmonitor]

I only see Azure Monitor Activity Log and Azure Monitor Diagnostics log when I look at the Data Inputs section. I don't see Azure Monitor Metrics. See below.

[image: azuremonitormetrics]

I hope I explained it a bit better this time, sorry about that.

sebastus commented 6 years ago

It's kind of surprising that the metrics aren't working but the logs are. Usually it's the other way around. 99% of the time, this is due to dependencies. Did you go through the Python dependencies? As long as you're getting the "unable to initialize" message, metrics won't appear in the list of data inputs. The error 1 can sometimes be drilled into by executing the command inside azure_monitor_metrics.sh file at the command line. Define $SPLUNK_HOME, then run command inside the .sh (type the command - don't run the .sh) - frequently in this situation Python will print a message saying what the problem is.

loum3 commented 6 years ago

I will give that a try. I did have to add both python and node.js https://www.python.org/downloads/release/python-2712/ and the node.js pieces. Python -m pip install adal is the syntax I used.

Since those are installed now, is there an easier way to just remove the add on and restart now that I have python and node.js ?

sebastus commented 6 years ago

Did you install other python libraries as defined on this page: https://github.com/Microsoft/AzureMonitorAddonForSplunk/wiki/Installation-on-Linux ? Not sure what you mean about removing the add-on, etc. If you remove the add-on, you remove the dependencies as well, since many of them are in the same folder structure. By "dependencies", I mean the various libraries in the python and node languages that support the add-on requirements. I'm not referring to the languages themselves, though in many cases they are also required.

loum3 commented 6 years ago

No, I used this page: https://github.com/Microsoft/AzureMonitorAddonForSplunk/wiki/Installation-on-Windows

My install syntax wasn't

```
pip install adal
pip install splunk-sdk
pip install futures
```

I had to use this syntax on windows:

Python -m pip install adal (repeat for sdk/futures)

I'm new to python, don't have much experience there.

sebastus commented 6 years ago

Oh - sorry. You did say that. You're on Windows. ;) What version of the add-on are you running?

loum3 commented 6 years ago

Questions - is that the right syntax I figured out for windows with python?

The add-on I pulled was 1.3. Splunk is 7.1.2. Before I tried this one I was working with the Splunk Add-on for Microsoft Cloud Services from the splunk site.

My earlier comment was more along the lines of how do I remove this App from splunk and start over, or the other splunk add-on. I see enable/disable, but not a remove or uninstall.

I'm glad to try those commands, I'm guessing from a Windows Admin Command Prompt?

sebastus commented 6 years ago

To remove an add-on is quite simple. You need to drill into the Splunk folders and delete a folder containing the add-on. The add-on folder is named like "TA-whatever". It should be obvious based on which add-on you want to remove. The TA folders are located in $SPLUNK_HOME/etc/apps/. On a Windows box, $SPLUNK_HOME = c:\program files\splunk.

V1.3 has an additional requirement. Looks like we need to fix up am_depends_windows.sh. This is almost certainly the cause of your troubles with the metrics data input. Run this in an administrator CMD prompt:

pip install msrestazure -t $SPLUNK_HOME/etc/apps/TA-Azure_Monitor/bin

loum3 commented 6 years ago

This looks better, will restart splunk and check

C:\Python27\Scripts>pip install msrestazure -t $SPLUNK_HOME/etc/apps/TA-Azure_Monitor/bin

loum3 commented 6 years ago

Unfortunately still same error. Should I delete and re-add it to start over ?

sebastus commented 6 years ago

Did you execute the rest of the commands in the installation script?

https://github.com/Microsoft/AzureMonitorAddonForSplunk/blob/master/packages/am_depends_win.cmd

loum3 commented 6 years ago

Testing- will let you know, thanks!

loum3 commented 6 years ago

@sebastus I did pull down -> TA-Azure_Monitor_1_3_1.spl and updated the app. I'm still having the same error. You had mentioned a .sh file above -> "azure_monitor_metrics.sh file at the command line. Define $SPLUNK_HOME, then run command inside the .sh (type the command - don't run the .sh) - frequently in this situation Python will print a message saying what the problem is." I don't see that anywhere within the install.

sebastus commented 6 years ago

It's in the TA folder, bin.


loum3 commented 6 years ago

That's what I thought too, this is what I see.

```
C:\Program Files\Splunk\etc\apps\TA-Azure_Monitor\bin>dir a*

09/25/2018  09:37 PM       73 azure_activity_log.cmd
09/25/2018  09:37 PM      597 azure_activity_log.sh
09/25/2018  09:37 PM       76 azure_diagnostic_logs.cmd
09/25/2018  09:37 PM      599 azure_diagnostic_logs.sh
09/25/2018  09:37 PM    4,615 azure_monitor_metrics.py
09/25/2018  09:37 PM    9,982 azure_monitor_metrics_main.py
09/25/2018  09:37 PM    8,536 azure_monitor_metrics_main.pyc
```

sebastus commented 6 years ago

My apologies, of course you're right. The metrics data input is python and it's invoked differently. Do this:

.../TA-Azure_monitor/bin# /opt/splunk/bin/splunk cmd python azure_monitor_metrics.py

If any dependencies are unreachable, Python should complain more or less immediately back to the command line.
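The failure in the issue title occurs when Splunk introspects the input by running it with `--scheme` and the script exits non-zero. The following is an added example, not part of the thread or the add-on's code: a Python 3 helper that repeats that invocation and reports the exit code, any missing module named in the traceback, and whether a scheme document was printed. `GOOD` and `BROKEN` are constructed stand-in commands, and `hypothetical_missing_dependency` is a placeholder name.

```python
import re
import subprocess
import sys
import xml.etree.ElementTree as ET

# Python 2 prints "No module named X"; Python 3 puts the name in quotes.
MISSING = re.compile(r"No module named '?([\w.]+)'?")

# Constructed stand-ins for a healthy and a broken modular input (not the add-on's code).
GOOD = [sys.executable, "-c",
        "import sys\nif '--scheme' in sys.argv: print('<scheme><title>demo</title></scheme>')"]
BROKEN = [sys.executable, "-c", "import hypothetical_missing_dependency"]


def introspect(command, timeout=30):
    """Run a modular input with --scheme, as Splunk does, and classify the result."""
    proc = subprocess.run(command + ["--scheme"], stdin=subprocess.DEVNULL,
                          capture_output=True, text=True, timeout=timeout)
    result = {
        "exit_code": proc.returncode,
        "missing_module": None,
        "scheme_ok": False,
        "stderr_tail": proc.stderr.strip().splitlines()[-3:],
    }
    match = MISSING.search(proc.stderr)
    if match:
        # An unreachable dependency is the usual reason for "exited with code 1".
        result["missing_module"] = match.group(1)
    if proc.returncode == 0:
        try:
            result["scheme_ok"] = ET.fromstring(proc.stdout).tag == "scheme"
        except ET.ParseError:
            pass  # exit 0 but stdout is not a well-formed scheme document
    return result


if __name__ == "__main__":
    # Real use, from the add-on's bin folder, with the command given in the thread:
    #   python3 this_file.py /opt/splunk/bin/splunk cmd python azure_monitor_metrics.py
    target = sys.argv[1:] or BROKEN
    for key, value in introspect(target).items():
        print("%-15s %s" % (key, value))
```
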

loum3 commented 6 years ago

I think the command above may be Unix/Linux based. I'd added Python2.7 to the Windows System Environment Path; should I be using that one or the Python.exe in the C:\Program Files\Splunk\Bin folder? Since the date stamps matched I didn't think it would matter. I then switched to the bin directory under C:\Program Files\Splunk\etc\apps\TA-Azure_Monitor\bin to execute it. I ran in admin cmd window -> python azure_monitor_metrics.py. It hangs so I CTRL-Z to get out, this is the output.

```
C:\Program Files\Splunk\etc\apps\TA-Azure_Monitor\bin>python azure_monitor_metrics.py
ERRORno element found: line 1, column 0Traceback (most recent call last):
  File "azure_monitor_metrics.py", line 126, in <module>
    sys.exit(AzureMonitorMetrics().run(sys.argv))
  File "C:\Python27\lib\site-packages\splunklib\modularinput\script.py", line 56, in run
    return self.run_script(args, EventWriter(), sys.stdin)
  File "C:\Python27\lib\site-packages\splunklib\modularinput\script.py", line 108, in run_script
    event_writer._err.write(err_string)
KeyboardInterrupt
```

sebastus commented 6 years ago

An apparent "hang" is what we hope for. It just means it's listening for data, normally. Please contact me at golive@microsoft.com so we can connect for deeper debugging.

loum3 commented 6 years ago

Thank you for the help, patience and assistance, all is working now, thanks! Case closed.