I am using Splunk 8+ and Python 3.6. I am trying to run this https://github.com/0x616c6578/TA-geoip2 plugin.
I get this error message when I look into search.log and try to run the Python command in the log by itself:
C:\Users\strozllc>"C:\Program Files\Splunk\bin\Python3.exe" "C:\Program Files\Splunk\etc\apps\TA-geoip2-main\bin\geoip-command.py
Traceback (most recent call last):
File "C:\Program Files\Splunk\etc\apps\TA-geoip2-main\bin\geoip-command.py", line 8, in <module>
from splunklib.searchcommands import \
File "C:\Program Files\Splunk\etc\apps\TA-geoip2-main\bin\..\lib\splunklib\searchcommands\__init__.py", line 145, in <module>
from .environment import *
File "C:\Program Files\Splunk\etc\apps\TA-geoip2-main\bin\..\lib\splunklib\searchcommands\environment.py", line 20, in <module>
from logging.config import fileConfig
File "C:\Program Files\Splunk\Python-3.7\lib\logging\config.py", line 30, in <module>
import logging.handlers
File "C:\Program Files\Splunk\Python-3.7\lib\logging\handlers.py", line 26, in <module>
import logging, socket, os, pickle, struct, time, re
File "C:\Program Files\Splunk\Python-3.7\lib\socket.py", line 49, in <module>
import _socket
ImportError: Module use of python27.dll conflicts with this version of Python
n.
Huh? I looked at line 8 in geocommand.py and it is from
splunklib.searchcommands import \
dispatch, StreamingCommand, Configuration, Option, validators
I look it C:\Program Files\Splunk\bin, and there is indeed a python27.dll. But how is it getting called?
This is a case of Python 3 trying to run Python 2 code. The latest versions of Splunk (you didn't say which one you're using) only support Python 3 so an error will be thrown when an outdated library file is encountered.
I'd suggest filing an issue on GitHub, but the app appears to be abandonware since it hasn't been touched in a year despite having 4 issues.
Consider forking the code and updating it yourself.