remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

python2 compatibility? #176

Closed amirofmn closed 3 years ago

amirofmn commented 3 years ago

I know Splunk is moving away from python2 and all apps need to update to python3, but I was curious if the commands found in this app could be made python2 compatible? We recently tested 4.0.0 in a 7.3.x env and the commands fail to run as only python2 is available in 7.3.x. The failure seen in the UI is:

Error in 'script': Getinfo probe failed for external search command 'mispgetevent'

In the search.log, we can see the following:

11-13-2020 15:21:43.715 ERROR ScriptRunner - stderr from '/monitor/splunk/bin/python2.7 /monitor/splunk/etc/apps/misp42splunk/bin/mispgetevent.py __GETINFO__ misp_instance=cloudmisp last=7d':    File "/monitor/splunk/etc/apps/misp42splunk/bin/mispgetevent.py", line 19, in <module>
11-13-2020 15:21:43.715 ERROR ScriptRunner - stderr from '/monitor/splunk/bin/python2.7 /monitor/splunk/etc/apps/misp42splunk/bin/mispgetevent.py __GETINFO__ misp_instance=cloudmisp last=7d':      from requests.packages.urllib3.exceptions import InsecureRequestWarning
11-13-2020 15:21:43.715 ERROR ScriptRunner - stderr from '/monitor/splunk/bin/python2.7 /monitor/splunk/etc/apps/misp42splunk/bin/mispgetevent.py __GETINFO__ misp_instance=cloudmisp last=7d':  ImportError: cannot import name InsecureRequestWarning

remg427 commented 3 years ago

Hi, I have checked on 7.3.5 and it fails if certificate check is enabled. It works if check is disabled.

amirofmn commented 3 years ago

I verified that we do not have "Check MISP certificate" selected and the python2.7 error messages persist. Can you verify that you're using Splunk's 2.7 python library that comes with 7.3.5 (splunk cmd python --version)?

amirofmn commented 3 years ago

We also tested this app in 8.0.7 and so long as python3 is listed within the various conf files, it works fine. When we change python3 to python2, we start getting errors again. FYI.

remg427 commented 3 years ago

Version 4.0.1 in this repo has successfully been tested on 7.2.10.1. Could you test on your side and provide feedback?
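
The traceback in this thread is a module-level import of `InsecureRequestWarning` failing under Splunk's bundled python2.7, which stops the command before any option is read. As an added example (not the app's own code, and not the change made in 4.0.1), the code below looks the class up defensively and silences the warning only when certificate checking is deliberately off; the function names, the returned status strings and the second candidate path are assumptions.

```python
import importlib
import warnings

# Import paths to try in order. Which of them exist, and whether they expose
# the class, depends on the requests/urllib3 copy bundled with the interpreter
# (assumption: an older bundled copy may lack the class).
CANDIDATES = (
    "requests.packages.urllib3.exceptions",
    "urllib3.exceptions",
)


def find_insecure_request_warning(candidates=CANDIDATES):
    """Return the InsecureRequestWarning class, or None if no candidate has it."""
    for name in candidates:
        try:
            module = importlib.import_module(name)
        except ImportError:
            continue  # module not present in this interpreter
        cls = getattr(module, "InsecureRequestWarning", None)
        # Accept only a real Warning subclass, never an arbitrary attribute.
        if isinstance(cls, type) and issubclass(cls, Warning):
            return cls
    return None


def configure_tls_warnings(verify_cert, candidates=CANDIDATES):
    """Suppress the warning only when verification is off; report what was done."""
    if verify_cert:
        # Verification is on: leave every warning visible.
        return "verify-on"
    cls = find_insecure_request_warning(candidates)
    if cls is None:
        # Old library without the class: nothing to silence, and no crash.
        return "class-missing"
    # Scope the filter to this one category instead of disabling all warnings.
    warnings.filterwarnings("ignore", category=cls)
    return "suppressed"


if __name__ == "__main__":
    # False mirrors an unticked "Check MISP certificate" setting.
    print(configure_tls_warnings(verify_cert=False))
```

Logging the returned status at startup records whether an instance is running with certificate verification disabled.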