
Update Splunk SDK for Python


If you are the author or maintainer of a Splunk Add-on then periodically you’ll need to perform some maintenance. You might need to package it again with the latest Add-on Builder or check that it still validates against the latest validation rules. Often this is just a click-through exercise, resulting in a new version which you can upload to Splunkbase.

The issue detailed here (an outdated version of the Splunk SDK for Python) is a bit more involved though. iDelta have a number of add-ons hosted on the Splunk App Store (Splunkbase) and a couple of them have recently failed validation with the following error: “Check that Splunk SDK for Python is up-to-date.”

Drilling down on that error in app inspect reveals the following message:
“Detected an outdated version of the Splunk SDK for Python (1.6.6). Upgrade to 1.7.3 or later. File: bin/ta_mulesoft_cloudhub_add_on_for_splunk/aob_py3/solnlib/packages/splunklib/binding.py Line Number: 1371”

In this post we provide a set of steps that worked for us. Hopefully they work for you too.

Step 1 – Preparation

  1. Take a backup
  2. Recommended: Upgrade your dev Splunk instance to the latest version of Splunk and the latest add-on builder
  3. Download the latest Python SDK for Splunk
  4. Untar the SDK somewhere temporary (e.g. /tmp) on your dev server

Step 2 – Sanity Check

The error message is complaining about a specific line (1371) in the binding.py file. If we check this line and those around it, we see the following:

    def request(url, message, **kwargs):
        scheme, host, port, path = _spliturl(url)
        body = message.get("body", "")
        head = {
            "Content-Length": str(len(body)),
            "Host": host,
            "User-Agent": "splunk-sdk-python/1.6.6",

We can see the offending version number hard-coded into the HTTP header “User-Agent”.

If we compare this with the “def request” function in binding.py from the latest SDK, we see the following:

    def request(url, message, **kwargs):
        scheme, host, port, path = _spliturl(url)
        body = message.get("body", "")
        head = {
            "Content-Length": str(len(body)),
            "Host": host,
            "User-Agent": "splunk-sdk-python/%s" % __version__,

We can see that the version string of the User-Agent has been parameterised. Looking at the top of the Python file, we can see that __version__ is imported:

from splunklib import __version__

So, the new SDK certainly has changes in the problem area.

Step 3 – Make the changes

  1. Stop your Splunk server
  2. cd into the “bin” directory of your add-on, then cd into the <lower-case TA name with underscores> directory
    e.g. cd /opt/splunk/etc/apps/TA-mulesoft-cloudhub-add-on-for-splunk/bin/ta_mulesoft_cloudhub_add_on_for_splunk
  3. Remove the aob_py2 directory (Python 2 is no longer needed)
    e.g. rm -R aob_py2
  4. Change into the Python 3 directory: cd aob_py3
  5. Remove the splunklib directory: rm -R splunklib
  6. Copy in the latest splunklib from the SDK you downloaded (change paths and versions to match your download and extract): cp -R /tmp/splunk-sdk-1.7.3/splunklib .
  7. Replace the solnlib/packages version of splunklib:
    cd solnlib/packages
    rm -R splunklib
    cp -R /tmp/splunk-sdk-1.7.3/splunklib .

Step 4 – Validation

Perform the following steps to validate the change has worked:

  1. Start the Splunk Dev server
  2. Return to the add-on builder validation page and re-run Validate

The “outdated version of the Splunk SDK for Python” error should now be resolved!
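A command-line check you can run before re-running Validate, added here as an example (it is not iDelta's or Splunk's code): it finds every bundled splunklib copy under the add-on directory and reports the SDK version of each, so a copy missed in Step 3 shows up immediately. It reads the hard-coded User-Agent string shown above for older copies and otherwise assumes splunklib/__init__.py defines __version_info__ as a tuple; the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

MIN_VERSION = (1, 7, 3)  # minimum named in the app inspect message above

# Older SDK copies hard-code the version in binding.py's User-Agent header.
UA_RE = re.compile(r"splunk-sdk-python/(\d+(?:\.\d+)+)")
# Assumption: newer copies define __version_info__ = (x, y, z) in __init__.py.
INFO_RE = re.compile(r"^__version_info__\s*=\s*\(([\d,\s]+)\)", re.M)


def sdk_version(splunklib_dir):
    """Return the version tuple of one bundled splunklib copy, or None."""
    binding = Path(splunklib_dir) / "binding.py"
    m = UA_RE.search(binding.read_text(errors="replace")) if binding.is_file() else None
    if m:  # hard-coded string wins: it is what the validator flagged
        return tuple(int(p) for p in m.group(1).split("."))
    init = Path(splunklib_dir) / "__init__.py"
    m = INFO_RE.search(init.read_text(errors="replace")) if init.is_file() else None
    if m:
        return tuple(int(p) for p in m.group(1).split(",") if p.strip())
    return None


def audit(addon_root, minimum=MIN_VERSION):
    """Map each splunklib directory (relative path) to (version, is_ok)."""
    results = {}
    for d in sorted(Path(addon_root).rglob("splunklib")):
        if d.is_dir():
            v = sdk_version(d)
            ok = v is not None and v >= minimum
            results[d.relative_to(addon_root).as_posix()] = (v, ok)
    return results


if __name__ == "__main__":
    # Pass the add-on directory, e.g. the one under /opt/splunk/etc/apps.
    report = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, (version, ok) in report.items():
        label = ".".join(map(str, version)) if version else "unknown"
        print(f"{'OK ' if ok else 'OLD'} {label:10} {path}")
    # Non-zero exit if nothing was found or any copy is outdated/unknown.
    sys.exit(0 if report and all(ok for _, ok in report.values()) else 1)
```

An "unknown" result means neither pattern matched and that copy should be inspected by hand.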
