search

splunk / splunk-add-on-microsoft-azure

Splunk Add-on for Microsoft Azure
Apache License 2.0
11 stars 9 forks source link

Problem with Add-on in Splunk 9 over Windows Server #12

Closed ghost closed 1 year ago

ghost commented 2 years ago

Hi, I have a problem with the azure add-on on a Splunk 9.0.0 instance. on a Windows Server 2016 Std.

It simply does not open the "Configuration" page, nor does it open the "Inputs" page Any suggestion?

Add-on Azure problem

ghost commented 2 years ago

Today I install a new Splunk 9.0.0.1 in my notebook with Windows 10 and I install the Azure Add-on.

I have this ERRORS logs:

"08-03-2022 09:32:09.275 -0300 INFO ExecProcessor [12184 ExecProcessor] - message from ""C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\splunk_assist\bin\instance_id_modular_input.py"" [assist::instance_id_modular_input.py:256] [get_cluster_mode] [6544] Fetched cluster mode, mode=disabled 08-03-2022 09:32:09.275 -0300 INFO ExecProcessor [12184 ExecProcessor] - message from ""C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\splunk_assist\bin\instance_id_modular_input.py"" [assist::instance_id_modular_input.py:30] [should_run] [6544] should run test, sh=True 08-03-2022 09:32:09.985 -0300 WARN LocalAppsAdminHandler [13656 TcpChannelThread] - Using deprecated capabilities for write: admin_all_objects or edit_local_apps. See enable_install_apps in limits.conf 08-03-2022 09:32:10.921 -0300 INFO ExecProcessor [12184 ExecProcessor] - message from ""C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\splunk_assist\bin\instance_id_modular_input.py"" [assist::instance_id_modular_input.py:21] [_exec] [6544] Current instance id, instance_id=77394cbf-51c1-462c-92ac-ccf1ded5dbb8 08-03-2022 09:32:10.921 -0300 INFO ExecProcessor [12184 ExecProcessor] - message from ""C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\splunk_assist\bin\instance_id_modular_input.py"" [assist::instance_id_modular_input.py:68] [do_run] [6544] instance_id status, instance_id=77394cbf-51c1-462c-92ac-ccf1ded5dbb8 08-03-2022 09:32:11.289 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: Traceback (most recent call last): 08-03-2022 09:32:11.289 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py", line 2, in 08-03-2022 09:32:11.289 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: import import_declare_test 08-03-2022 09:32:11.289 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\import_declare_test.py", line 20, in 08-03-2022 09:32:11.289 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: import pwd 08-03-2022 09:32:11.289 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: ModuleNotFoundError: No module named 'pwd' 08-03-2022 09:32:11.423 -0300 WARN PersistentScript [14160 PersistentScriptIo] - Process {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: exited with code 1 08-03-2022 09:32:11.562 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: Traceback (most recent call last): 08-03-2022 09:32:11.562 -0300 ERROR AdminManagerExternal [12916 TcpChannelThread] - Received malformed XML from external handler: 08-03-2022 09:32:11.562 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py", line 2, in 08-03-2022 09:32:11.562 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: import import_declare_test 08-03-2022 09:32:11.562 -0300 ERROR AdminManagerExternal [12916 TcpChannelThread] - Unable to xml-parse the following data: %s 08-03-2022 09:32:11.562 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\import_declare_test.py", line 20, in 08-03-2022 09:32:11.562 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: import pwd 08-03-2022 09:32:11.562 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: ModuleNotFoundError: No module named 'pwd' 08-03-2022 09:32:11.751 -0300 WARN PersistentScript [14160 PersistentScriptIo] - Process {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: exited with code 1 08-03-2022 09:32:11.948 -0300 ERROR AdminManagerExternal [23068 TcpChannelThread] - Received malformed XML from external handler: 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: Traceback (most recent call last): 08-03-2022 09:32:11.948 -0300 ERROR AdminManagerExternal [23068 TcpChannelThread] - Unable to xml-parse the following data: %s 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py", line 2, in 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: import import_declare_test 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\import_declare_test.py", line 20, in 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: import pwd 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: ModuleNotFoundError: No module named 'pwd' 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: Traceback (most recent call last): 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py", line 2, in 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: import import_declare_test 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\import_declare_test.py", line 20, in 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: import pwd 08-03-2022 09:32:11.948 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: ModuleNotFoundError: No module named 'pwd' 08-03-2022 09:32:11.966 -0300 WARN PersistentScript [14160 PersistentScriptIo] - Process {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: exited with code 1 08-03-2022 09:32:12.058 -0300 ERROR AdminManagerExternal [13656 TcpChannelThread] - Received malformed XML from external handler: 08-03-2022 09:32:12.058 -0300 ERROR AdminManagerExternal [13656 TcpChannelThread] - Unable to xml-parse the following data: %s 08-03-2022 09:32:12.064 -0300 WARN PersistentScript [14160 PersistentScriptIo] - Process {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_account.py" persistent}: exited with code 1 08-03-2022 09:32:12.274 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: Traceback (most recent call last): 08-03-2022 09:32:12.274 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py", line 2, in 08-03-2022 09:32:12.274 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: import import_declare_test 08-03-2022 09:32:12.274 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\import_declare_test.py", line 20, in 08-03-2022 09:32:12.274 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: import pwd 08-03-2022 09:32:12.274 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: ModuleNotFoundError: No module named 'pwd' 08-03-2022 09:32:12.367 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: Traceback (most recent call last): 08-03-2022 09:32:12.367 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py", line 2, in 08-03-2022 09:32:12.367 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: import import_declare_test 08-03-2022 09:32:12.367 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: File "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\import_declare_test.py", line 20, in 08-03-2022 09:32:12.367 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: import pwd 08-03-2022 09:32:12.367 -0300 ERROR PersistentScript [14160 PersistentScriptIo] - From {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: ModuleNotFoundError: No module named 'pwd' 08-03-2022 09:32:12.415 -0300 WARN PersistentScript [14160 PersistentScriptIo] - Process {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: exited with code 1 08-03-2022 09:32:12.556 -0300 WARN PersistentScript [14160 PersistentScriptIo] - Process {"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-MS-AAD\bin\TA_MS_AAD_rh_settings.py" persistent}: exited with code 1 08-03-2022 09:32:12.556 -0300 ERROR AdminManagerExternal [23068 TcpChannelThread] - Received malformed XML from external handler: 08-03-2022 09:32:12.556 -0300 ERROR AdminManagerExternal [23068 TcpChannelThread] - Unable to xml-parse the following data: %s 08-03-2022 09:32:12.647 -0300 ERROR AdminManagerExternal [13656 TcpChannelThread] - Received malformed XML from external handler: 08-03-2022 09:32:12.647 -0300 ERROR AdminManagerExternal [13656 TcpChannelThread] - Unable to xml-parse the following data: %s 08-03-2022 09:32:15.884 -0300 INFO TailReader [4088 tailreader0] - Batch input finished reading file='C:\Program Files\Splunk\var\spool\splunk\tracker.log'"

JasonConger commented 2 years ago

The root cause has been identified as a Python module import.

Workaround:

  1. Open the file import_declare_test.py located in $SPLUNK_HOME/etc/apps/TA-MS-AAD/bin

  2. Comment out the import pwd line. It should look like this:

    import os
#import pwd
import sys

  3. Restart Splunk

ghost commented 1 year ago

Thanks Jason, with those changes it worked

JasonConger commented 1 year ago

Addressed in 4.0.3