A Splunk app that is useful for performing troubleshooting and management of networks
License: Apache License 2.0
A Splunk app that is useful for performing troubleshooting and management of networks
I support this app in my free-time and at my own expense. Please consider offering a donation in order to promote continued development. You can donate on Paypal.
If you run splunk in python3 mode:
server.conf
[general]
python.version = python3
the ping modular input is throwing a RuntimeError: dictionary changed size during iteration.
I tested it under linux and windows with the same result.
2020-08-10 17:00:48,131 ERROR Execution failed
Traceback (most recent call last):
File "D:\Tools\Splunk\etc\apps\network_tools\bin\modular_input.zip\modular_input\modular_input_base_class.py", line 1095, in execute
self.do_run(in_stream, log_exception_and_continue=True)
File "D:\Tools\Splunk\etc\apps\network_tools\bin\modular_input.zip\modular_input\modular_input_base_class.py", line 976, in do_run
self.run(stanza, cleaned_params, input_config)
File "D:\Tools\Splunk\etc\apps\network_tools\bin\ping.py", line 179, in run
self.clean_old_threads()
File "D:\Tools\Splunk\etc\apps\network_tools\bin\ping.py", line 108, in clean_old_threads
for thread_stanza in self.threads.keys():
RuntimeError: dictionary changed size during iteration
My workaround was to change
for thread_stanza in self.threads.keys():
to
for thread_stanza in list(self.threads.keys()):
in ping.py.
Another problem is, that if you run splunk in mixed mode and try to set the modular input to run with python3, you get an error about unsupported parameter "python.version":
inputs.conf
[ping://TestPing]
python.version = python3
Thanks for the great app!
Hey Luke,
First and foremost, great App! The whois is working well for my needs!
Would it be possible to add the ability to disable indexing of the results from the search commands? Maybe it's already a setting that I've missed but adjusting the index setting to "nothing" still resulted in events in the main index.
Thanks,
Casey
I'm using the Network Toolkit (v1.5.1) to schedule regular ping tests against about 200 hosts every few minutes. This works really well, but after about a week the pings stop working and I can see something like this in the logs:
2021-06-15 08:07:12,023 ERROR [Errno 12] Cannot allocate memory Traceback (most recent call last): File "/opt/splunk/etc/apps/network_tools/bin/ping.py", line 203, in run_ping results = ping_all(dest, count=runs, logger=self.logger, callback=output_result_callback) File "/opt/splunk/etc/apps/network_tools/bin/network_tools_app/ping_network.py", line 54, in ping_all _, return_code, result = ping(str(dest_network.network_address), count, index=index, logger=logger) File "/opt/splunk/etc/apps/network_tools/bin/network_tools_app/init.py", line 416, in ping raise exception OSError: [Errno 12] Cannot allocate memory
I'm honestly not sure whether this is a Splunk problem or a Python thing - can you help me investigate this further?
Previously asked here: https://community.splunk.com/t5/All-Apps-and-Add-ons/Network-Toolkit-stops-working/m-p/555745
If I might recommend?
Create a simple way to change the index. It would make a good app a bit more slick.
I'm not sure if this app supports splunk cloud, can you please tell if it supports or not
We had upgraded our Splunk instance from version 8.2.6 to 9.1.0.2 but after the upgrade some dashboards aren't working in Network Tools App and we see the followings errors:
Status Overview DashBoard does show any output:
When i executed the the SPL command for Dashbard Status Overview i got the following errors
and i saw this warning in splunkd.log file:
09-06-2023 10:49:12.903 -0400 WARN SearchOperator:kv [4093676 TcpChannelThread] - Invalid key-value parser, ignoring it, transform_name='hydra_access_log_fields'.
09-06-2023 10:49:12.904 -0400 WARN SearchOperator:kv [4093676 TcpChannelThread] - Invalid key-value parser, ignoring it, transform_name='hydra_gateway_log_fields'.
09-06-2023 10:49:12.904 -0400 WARN SearchOperator:kv [4093676 TcpChannelThread] - Invalid key-value parser, ignoring it, transform_name='hydra_scheduler_log_fields'.
09-06-2023 10:49:12.904 -0400 WARN SearchOperator:kv [4093676 TcpChannelThread] - Invalid key-value parser, ignoring it, transform_name='pool_name_field_extraction'.
09-06-2023 10:49:12.904 -0400 WARN SearchOperator:kv [4093676 TcpChannelThread] - Invalid key-value parser, ignoring it, transform_name='hydra_worker_log_fields'.
09-06-2023 10:49:12.931 -0400 WARN SearchOperator:kv [4093676 TcpChannelThread] - Invalid key-value parser, ignoring it, transform_name='pool_name_field_extraction'.
09-06-2023 10:49:12.953 -0400 WARN SearchOperator:kv [4093676 TcpChannelThread] - Invalid key-value parser, ignoring it, transform_name='hydra_logger_fields'.
Could you please help us to resolve this issue.
Hi, I've installed this primarily for the whois lookup. But I cannot get it to feed me results. Checking the logs, I just get
2022-09-12 10:42:24,594 INFO Starting lookup execution
followed by
2022-09-12 10:42:24,601 INFO Lookup completed, runtime=0.01s
in each case. Checking firewall logs, I don't see it being denied access. And I can run whois manually vs the result IPs and get results.
Search text is
index=*network dest_zone="Internet" NOT dest_ip=10.0.0.0/8
| stats count by dest_ip dest_port transport
| sort 3 -count
| lookup whois host as dest_ip
Results list are empty, eg:
dest_ip dest_port transport count asn asn_cidr asn_country_code asn_date asn_registry contact.address contact.email contact.name contact.phone creation_date emails expiration_date id nameservers network.cidr network.end_address network.handle network.ip_version network.links network.name network.parent_handle network.start_address query raw registrar status updated_date whois_server
202.12.27.33 53 udp 237
13.236.168.124 443 tcp 124
52.64.24.140 443 tcp 120
Just an idea,
Include a few default stanza for scheduling tests.
[script://./bin/speedtest.py]
interval = 1800
sourcetype = speedtest
source = speedtest
index = main
disabled = true
We are unable to use some of the tools in this app because of an import error, specifically related to configparser.
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': Exception in thread ping_lookup:
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': Traceback (most recent call last):
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': File "/splunkapp/splunk-9-0-4/lib/python3.7/threading.py", line 926, in _bootstrap_inner
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': self.run()
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': File "/splunkapp/splunk-9-0-4/lib/python3.7/threading.py", line 870, in run
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': self._target(*self._args, **self._kwargs)
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': File "/splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/network_tools_app/custom_lookup.py", line 253, in do_lookup
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': self.execute_lookup(result, w, fieldnames)
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': File "/splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/network_tools_app/custom_lookup.py", line 210, in execute_lookup
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': output = self.do_lookup(**keyword_arguments)
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': File "/splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py", line 55, in do_lookup
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': index = get_default_index()
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': File "/splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/network_tools_app/__init__.py", line 133, in get_default_index
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': app_config = get_app_config(session_key)
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': File "/splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/network_tools_app/__init__.py", line 106, in get_app_config
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': conf = ConfigParser.SafeConfigParser()
02-02-2024 11:24:18.248 ERROR ScriptRunner [17198 phase_1] - stderr from '/splunkapp/splunk-9-0-4/bin/python3.7 /splunkapp/splunk-9-0-4/etc/apps/network_tools/bin/whois_lookup.py host': AttributeError: type object 'ConfigParser' has no attribute 'SafeConfigParser'
After looking into this, it looks like there is the fix for this in the version 1.5.0 on GitHub:
splunk-network-tools/src/bin/network_tools_app/__init__.py
Lines 14 to 16 in 9c1027f
However versions 1.5.0 and 1.5.1 on Splunkbase have the broken import, which seems to be causing issues with newer python versions.
try:
import ConfigParser
except ModuleNotFoundError:
from configparser import ConfigParserIs there a reason why the code for git tag 1.5.0 doesn't match version 1.5.0 on Splunkbase, and can the fixed version be uploaded there?
Thanks
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.