How to Resolve Unable to Import cbc_sdk. red_flag

Article ID: 376832

Updated On:

Products

  • Carbon Black Cloud Endpoint Standard
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

When setting up the Splunk App for CBC, the error "Unable to import cbc_sdk. red_flag. No module named 'backports._datetime_fromisoformat'" may appear in python.log and prevent Splunk from being set up properly.

Environment

  • Carbon Black Cloud: All supported versions.
  • OS: Windows
  • Splunk App: All supported versions
  • Python: v3.7, 3.8, 3.9

Cause

The backported datetime.fromisoformat() Python libraries do not work well in Python v3.7, 3.8 and 3.9, so they need to be downloaded and installed explicitly.

Resolution

The steps below assume Splunk is installed in C:\Program Files.

1. Download: https://bootstrap.pypa.io/pip/3.7/get-pip.py

2. Execute: cd "C:\Program Files\Splunk\bin"

3. Execute: splunk.exe cmd python3 <DownloadLocation>\get-pip.py

4. Execute: cd "C:\Program Files\Splunk\etc\apps\<app>\lib"

5. Execute: "C:\Program Files\Splunk\bin\splunk.exe" cmd python3 -m pip install --upgrade -t . backports._datetime_fromisoformat==2.0.1

6. Restart the Splunk App service to apply the fix.

Additional Information

The missing Python modules may also cause errors similar to "name '__cbc_version__' is not defined".
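A post-fix check, added here as an example and not part of the vendor's article or the Splunk app: it scans python.log lines for the two error strings quoted above and checks whether the app's lib directory holds a `backports/_datetime_fromisoformat` file that the running interpreter can import. The function names and the sample log lines are assumptions constructed for illustration; run it with Splunk's interpreter in the same way as step 3, passing the app's lib directory as the argument.

```python
import importlib.machinery
import sys
from pathlib import Path

# Error strings quoted in this article.
SIGNATURES = (
    "No module named 'backports._datetime_fromisoformat'",
    "name '__cbc_version__' is not defined",
)
MODULE_STEM = "_datetime_fromisoformat"

# Constructed sample lines; the real python.log layout may differ.
SAMPLE_LOG = [
    "ERROR Unable to import cbc_sdk. No module named 'backports._datetime_fromisoformat'",
    "INFO modular input started",
    "ERROR name '__cbc_version__' is not defined",
]


def scan_log(lines):
    """Return (line_number, signature) for each line carrying a known error string."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for signature in SIGNATURES:
            if signature in line:
                hits.append((number, signature))
    return hits


def loadable_module_files(lib_dir):
    """List files in <lib_dir>/backports that this interpreter accepts as the module."""
    package_dir = Path(lib_dir) / "backports"
    if not package_dir.is_dir():
        return []
    # Suffixes the running interpreter will import (.py, .pyc, platform extension tags).
    suffixes = importlib.machinery.all_suffixes()
    return sorted(
        entry.name
        for entry in package_dir.iterdir()
        if entry.is_file()
        and entry.name.startswith(MODULE_STEM)
        and entry.name[len(MODULE_STEM):] in suffixes
    )


if __name__ == "__main__":
    lib_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    print("log hits (sample data):", scan_log(SAMPLE_LOG))
    print("loadable module files:", loadable_module_files(lib_dir) or "none found")
```

An empty list from `loadable_module_files` after step 5 means the files in the lib directory were built for a different Python version or platform than the interpreter running the check.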