Eventgen does not start on fresh install of Splunk 8.0 on Windows 10

[dancostello70]

Hello,

The full issue is described here: https://answers.splunk.com/answers/779033/fresh-install-of-splunk-80-sa-eventgen-as-an-app-w.html

The executive summary:

• New fresh install of Splunk 8.0 on Windows 10
• Eventgen installed as an app immediately after starting Splunk (no configuration of Splunk)
• Immediately after restarting Splunk, this error appears in the log:

10-28-2019 19:39:56.170 -0400 ERROR ModularInputs - Unable to initialize modular input "modinput_eventgen" defined in the app "SA-Eventgen": Introspecting scheme=modinput_eventgen: script running failed (exited with code 1)..

The SA-Eventgen app does appear, but "SA-Eventgen" does not appear under Settings --> Data inputs.

I would be very grateful for any insights. Thank you!

--Dan

[li-wu]

Please check the release note here: https://splunkbase.splunk.com/app/1924/

Set the python version to python3.

[dancostello70]

Thank you so much for responding so quickly! My python version was already set to python3, I selected that as the default when I installed version 8.0, and have verified it in my server.conf:

python.version = python3

Can you think of anything else I might try?

[li-wu]

Let me check it on Windows 10 env later. Thank you for your feedback.

[GordonWang]

@dancostello70 I have updated the answer here

Please check if this workaround is OK in your env.

[GordonWang]

This is blocked by a bug in splunk 8.0 about python3. And looks like there is no workaround for this issue.

[GordonWang]

checked with latest splunk enterprise 8.0.3 release on window 10. This issue still exists.