After the installation of the Palo Alto Networks Add-on for Splunk I'm getting a message saying:
Unable to initialize modular input "minemeld_feed" defined in the app "Splunk_TA_paloalto": Introspecting scheme=minemeld_feed: script running failed (exited with code 1)
The Add-on is not doing anything in the web interface. I've tried reinstalling it and also installing an older version, but the error stays the same.
I figured it out, the Add-on does not work with Python 3. Setting Python 2 in the server.conf solved the problem.
I figured it out, the Add-on does not work with Python 3. Setting Python 2 in the server.conf solved the problem.
I have just upgraded my Heavy Forwarder server from 7.3.1 to 8.1.2 version. And we have the add-on already installed in our Heavy Forwarder server.
Splunk_TA_paloalto 6.1.1 version
So post upgrade of my Heavy Forwarder server i am getting the same error as below:
Unable to initialize modular input "minemeld_feed" defined in the app "Splunk_TA_paloalto": Introspecting scheme=minemeld_feed: script running failed (exited with code 1)..
So you have mentioned to update the server.conf with python 2.7 version so actually in which place (server.conf) we need to point out to the Python 2.7 either in the add-on or somewhere else kindly let us know.
Kindly help.
Hi @anandhalagaras1 ,
the file I've changed was under system>local>server.conf, so that the whole splunk instance is running with the old python version.
But now I'm using the latest Palo Alto App + Add-on version 6.6.0, which works fine with python3.
I wish you the best of luck with your problem!
Thank you I have upgrade the add-on to the latest version post which it is working fine as expected.
Thanks for your prompt response.
Here is some additional information from the logs that reappears everytime splunk is restarted: