- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Palo Alto Networks App for Splunk 5.0: Why doe...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Palo Alto Networks App for Splunk 5.0: Why does the "pancontentpack" command returned error "ImportError: No module named xmltodict"?
I installed the latest Palo Alto Networks App for Splunk (v5.0) and tried to run the "pancontentpack" script/command to update the applications and threat signatures (app_list.csv & threat_list.csv).
I tried the following search commands, but got the "ImportError: No module named xmltodict" error in search.log
| pancontentpack apps
| pancontentpack threats
search.log
02-02-2016 21:14:26.028 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py threats': Traceback (most recent call last):
02-02-2016 21:14:26.028 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py threats': File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py", line 54, in
02-02-2016 21:14:26.028 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py threats': import xmltodict
02-02-2016 21:14:26.028 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/panContentPack.py threats': ImportError: No module named xmltodict
02-02-2016 21:14:26.039 ERROR script - sid:1454447665.852 External search command 'pancontentpack' returned error code 1.
Any ideas on how to fix it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This issue is resolved in version 6.0.0 of the App.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Helllo, Is this issue resolved. Even i am also getting the same error when i am trying to run the saved search to update the metadata.I am using the splunk version 7.0.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, can you tell me what version of Splunk you are using? Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Enterprise 6.3.0
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We found an error and are fixing it, but I don't think it's the same error you're seeing. Can you tell me exactly what version of the App and PAN-OS you are using? Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It was a old post from last year and was fixed. I have a new problem posted at https://answers.splunk.com/answers/581041/palo-alto-networks-app-for-splunk-531-pancontentpa.html. Thanks!
Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration
Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users
Everything Community at .conf24!
