Cloud SWG splunk plugin displays message that "app is not compatible with Python 3"
search cancel

Cloud SWG splunk plugin displays message that "app is not compatible with Python 3"

book

Article ID: 227387

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Cloud SWG HTTP logs pulled into Splunk using SyncAPI endpoints.

Cloud SWG Splunk plugin appears to be using Python version 2, which will no longer be available at end of October '22

Splunk Cloud SWG TA reporting "This app is not compatible with Python 3" when importing the Application.

Splunk Cloud SWG TA references multiple incompatible files with python 2 libraries designated.

Splunk Cloud SWG TA requests admin to 'Update this app or uninstall it'.

 

 

Environment

Splunk 8.2.

Cloud SWG Splunk TA plugin v2.0.0.

Cloud SWG SyncAPI endpoint.

Cause

Although the Cloud SWG TA plugins support both Python 2 and Python 3 libraries, Splunk needs to define which library set to use.

In the above case, Splunk was configured to use the Python 2 libraries that were being obsoleted. 

Resolution

Switch Splunk setup from using the default Python 2 library set to Python 3 following instructions defined at https://docs.splunk.com/Documentation/Splunk/8.2.2/Installation/Python3LowEffort

  1. Once you're satisfied that all your scripts are working as expected, specify the global Python 3 runtime in your test environment.
    1. Go to $SPLUNK_HOME/etc/system/local/server.conf and set python.version=python3.
    2. Restart Splunk Enterprise.
    3. Test any Python scripts that are on a critical path, such as scripted authentication, to ensure they continue to work.