Splunk® Enterprise

Upgrade Readiness

Splunk Enterprise version 7.3 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Scan a Splunk platform instance with the Splunk Python Upgrade Readiness App

Prerequisites

To run scans, a role must hold the admin_all_objects capability, and it must have write permissions for the app as well. See Manage permissions for the Python Upgrade Readiness App. Also ensure the KV store is enabled.

Ensure that you have taken performance factors into consideration. See Install the Python Upgrade Readiness App.

To scan your Splunk platform instance:

  1. In Splunk Web, launch the Python Upgrade Readiness App.
  2. Click Run New Scan.
  3. Select the apps to scan. You can scan private apps, Splunkbase apps that you extended with your own customizations, all apps, or a subset of apps. Private apps include any apps not found on Splunkbase, such as apps that you created.
  4. Review the scan results for each app.
  5. (Optional) Click Export Results to export your scan results. You can choose to export in JSON format.
  6. (Optional) Click Email Result to email your scan results. Make sure to configure email settings. For configuration instructions, see Configure email notifications for your Splunk instance.

You can also run scans using the REST API. For more information, see the REST API reference for the Python Upgrade Readiness App.

Some Splunk apps are too large to scan. If you cannot scan a Splunk app, refer to the app's documentation for updates on Python 3 readiness.

Schedule a scan

The Python Upgrade Readiness App scans all apps daily at 1 AM by default. You can modify the app scan schedule, as follows:

  1. In Splunk Web, launch the Python Upgrade Readiness App.
  2. Click Manage Scan Schedule.
  3. Select Scan my apps on a custom schedule, then specify the scan interval.
  4. Click Save.

Splunk Enterprise users can also disable the scan at any time, as follows:

  1. In Splunk Web, click Settings > Data inputs > Script.
  2. Search for the pura_scan_apps.py script in python_upgrade_readiness_app and click Disable.

After you disable the script, you must explicitly enable it to rerun the scan at the defined interval. Changing the schedule in the Manage Scan Schedule dialog does not enable the script.

Splunk Cloud Platform users cannot disable the script. To request that Support disable the script, submit a case using the Splunk Support Portal.

Disable app list updates

The Python Upgrade Readiness App scan automatically pulls the most up-to-date list of apps and their metadata from Splunkbase daily at 11 PM. Splunk Enterprise users can disable automatic app list updates, as follows:

  1. Click Settings > Data inputs > Scripts.
  2. Find the pura_get_all_apps.py script in python_upgrade_readiness_app.
  3. Click Disable.

Splunk Cloud Platform users cannot disable the script. To request that Support disable the script, submit a case using the Splunk Support Portal.

If you are running the Python Upgrade Readiness App in an air-gapped environment where automatic updates of the app list from Splunkbase are not possible, you can still run scans, but the app list will be limited to the apps packaged with the app.

Act on scan results

Review and act on the scan results for all your private apps. Private apps are apps that are private to your organization and not available on Splunkbase.

Resolve blocking issues in your private apps and your customized Splunkbase apps, if any, as these will block successful upgrade to the Splunk Enterprise Python 3 release. Check all other file paths flagged by the app and determine what actions you must take to make them upgrade ready.

If one or more checks in an app is marked "SKIPPED", this means that the Python Upgrade Readiness App wasn't able to complete the check due to the way the app is packaged. You can repackage the app using the Splunk Packaging Toolkit and run the scan again, or check for the upgrade compatibility issues manually. For more information, see Overview of the Splunk Packaging Toolkit on the Splunk developer portal.
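As an added example (not part of the Splunk documentation and not the Python Upgrade Readiness App's own checks), the following Python 3 script shows one way to do a first manual pass over an app whose checks were skipped: it flags files that do not parse as Python 3, plus a small constructed list of Python 2-only imports and methods. The function names and both name lists are assumptions made for this example.

```python
import ast
import os

# Constructed for this example; not the Python Upgrade Readiness App's check list.
PY2_ONLY_MODULES = {"urllib2", "urlparse", "ConfigParser", "StringIO", "cPickle"}
PY2_ONLY_METHODS = {"iteritems", "itervalues", "iterkeys", "has_key"}


def check_source(source, filename="<string>"):
    """Return sorted (line, message) findings for one Python source (str or bytes)."""
    try:
        tree = ast.parse(source, filename=filename)
    except (SyntaxError, ValueError) as err:
        # Python 2-only syntax such as print statements or `except E, e`.
        line = getattr(err, "lineno", None) or 0
        return [(line, "does not parse as Python 3: %s" % err)]
    findings = []
    for node in ast.walk(tree):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [(node.module or "").split(".")[0]]
        for name in names:
            if name in PY2_ONLY_MODULES:
                findings.append((node.lineno, "imports Python 2-only module %s" % name))
        if isinstance(node, ast.Attribute) and node.attr in PY2_ONLY_METHODS:
            # six.iteritems(d) is the dual-compatible spelling, so do not flag it.
            if not (isinstance(node.value, ast.Name) and node.value.id == "six"):
                findings.append((node.lineno, "uses Python 2-only method .%s" % node.attr))
    return sorted(findings)


def scan_app(app_dir):
    """Map each flagged .py file (path relative to app_dir) to its findings."""
    report = {}
    for root, _dirs, files in os.walk(app_dir):
        for fname in files:
            if fname.endswith(".py"):
                path = os.path.join(root, fname)
                with open(path, "rb") as handle:
                    found = check_source(handle.read(), path)
                if found:
                    report[os.path.relpath(path, app_dir)] = found
    return report
```

Imports guarded by `try`/`except ImportError` are flagged too and need a manual look. A clean result only rules out the listed patterns; behavioral differences such as bytes versus text handling are not detected.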

Apps that are compatible with Splunk Enterprise 8.0 and higher, and Python 3, are marked "PASSED", and you may not need to take any further action. It is still recommended to test the app thoroughly. If you have a version of an app that is not compatible with Splunk Enterprise 8.0 and higher and Python 3, but a compatible version is available, the scan results direct you to download that version from Splunkbase to pass the check.

Update Mako templates

In the Splunk Enterprise Python 3 release, some app server components of Splunk Web will use the Python 3.7 interpreter. Update all Mako templates to be Python 3 compatible so they will work on Splunk Web in the new release. If you want the app to continue to work on previous Splunk platform releases, make the syntax dual compatible with Python 2 and 3. If your organization requires you to remove Python 2 syntax completely by a certain schedule, you can rewrite the Mako templates to use dual-compatible syntax as an intermediate step during your upgrade process, then rewrite them to use Python 3 syntax at a later time.

Update all other Python files

The Splunk Enterprise Python 3 release will include interpreters for both Python 2 and 3. In that release, for all Python code not dependent on Splunk Web or the app server, Splunk platform administrators can choose to use either interpreter by default and on a script-by-script basis. In a later release, Splunk plans to remove the Python 2 interpreter.

As a best practice, update Python files in your apps to be compatible with both Python 2 and 3 so that they are backwards compatible with previous releases, compatible with either Python interpreter in the Splunk Enterprise Python 3 release, and compatible with future releases when the Splunk platform removes the Python 2 interpreter. If your organization requires you to remove Python 2 syntax completely by a certain schedule, rewrite them using Python 3 syntax.

To make Python scripts dual compatible, use a Python 2/3 compatibility utility such as six, provided by the Python Software Foundation. For more about the six library, see https://pypi.org/project/six/.

If the Python Upgrade Readiness App identifies one or more Python scripts that are used in scripted alerts, convert those scripted alerts to custom alert actions. Scripted alerts are deprecated and might not work in future releases of the Splunk platform. See Convert a script alert action to a custom alert action in Developing Views and Apps for Splunk Web, but note that the script example shown for the custom alert action has not yet been revised to demonstrate dual-compatible Python syntax.

What to do with scan results for Splunk-supported and third-party apps

Python Upgrade Readiness App scan results include Splunk-supported apps and third-party apps supported by partners and developers. App owners are responsible for updating their apps and releasing new versions that meet these upgrade readiness requirements in support of the Splunk Enterprise Python 3 release.

The Python Upgrade Readiness App scans metadata that public app developers provide with the app to determine if the app is Python 3 compatible. The Python 3 compatibility status of a public app shown in scan results depends on the compatibility information provided by the developer.

If you've extended an app or customized anything locally, review the results for any custom file paths that you've added to that app and take action on those to prepare for upgrade. Otherwise, you can wait for the app owner to make updates.

For third-party apps, you can contact the developer directly using their contact details on Splunkbase to learn more about their upgrade plans. If the developer does not plan to update the app, you can make the updates yourself using the guidance in the scan checks.

Python SDK check

The Python Upgrade Readiness App also scans for older versions of the SDK packaged in an app. Any custom app that packages an SDK version lower than 1.6.14 fails.
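The following script is an added example, not the Python Upgrade Readiness App's own check: it looks for bundled SDK copies in an app directory before a scan and compares each version against the 1.6.14 threshold stated above. It assumes the SDK is bundled as a `splunklib` package whose `__init__.py` declares `__version_info__ = (major, minor, patch)`; the function names and result labels are hypothetical.

```python
import os
import re

MIN_SDK_VERSION = (1, 6, 14)  # threshold stated on this page

# Assumption: the bundled SDK declares its version in splunklib/__init__.py
# as `__version_info__ = (major, minor, patch)`.
VERSION_RE = re.compile(
    r"^__version_info__\s*=\s*\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)", re.M
)


def find_bundled_sdks(app_dir):
    """Return {relative path of splunklib/__init__.py: version tuple or None}."""
    found = {}
    for root, dirs, files in os.walk(app_dir):
        if os.path.basename(root) == "splunklib" and "__init__.py" in files:
            init_path = os.path.join(root, "__init__.py")
            with open(init_path, encoding="utf-8", errors="replace") as handle:
                match = VERSION_RE.search(handle.read())
            version = tuple(int(p) for p in match.groups()) if match else None
            found[os.path.relpath(init_path, app_dir)] = version
            dirs[:] = []  # do not descend into the SDK's own subpackages
    return found


def sdk_check(app_dir):
    """Classify each bundled SDK copy as PASS, FAIL or UNKNOWN."""
    results = {}
    for path, version in find_bundled_sdks(app_dir).items():
        if version is None:
            # Version not declared where this example expects it: inspect by hand.
            results[path] = "UNKNOWN"
        elif version < MIN_SDK_VERSION:
            # Tuple comparison: (1, 6, 6) < (1, 6, 14), which a string
            # comparison of "1.6.6" and "1.6.14" would get wrong.
            results[path] = "FAIL"
        else:
            results[path] = "PASS"
    return results
```

An app can bundle more than one copy of the SDK, for example in both `bin` and `lib`, so every copy found is reported separately.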

Dismiss file paths

The Python Upgrade Readiness App lets you dismiss file paths from the scan results. Dismiss files that you have verified are already Python 3 compatible so that you can narrow the list to files that still need your attention.

When you dismiss a file path, the file path moves to the "Dismissed File Paths" table and won't be accounted for in failures of subsequent scans. If you dismiss all impacting file paths, the app status will change from fail to pass.

If you dismiss a path by accident and want to reinstate it in future scans, you must delete the Python Upgrade Readiness App from your Splunk platform instance and then reinstall it.

Dismiss apps

The Python Upgrade Readiness App lets you dismiss an app from the scan results. Dismiss an app after you verify its Python 3 compatibility to narrow the list of apps that still require attention.

Dismissing an app marks the app as an Exception, and the app is not counted as a failure in subsequent scans. After you dismiss an app, you can still execute scans on that app and view results.

Email notification

The Python Upgrade Readiness App sends an email notification to admin users which summarizes the results of the latest scan. The app sends this notification at 6 AM every Monday based on the Splunk system time zone. You can disable email notification, as follows:

  1. In Splunk Web, click Settings > Data inputs > Script.
  2. Search for the pura_send_email.py script in python_upgrade_readiness_app and click Disable.

Last modified on 21 January, 2022

This documentation applies to the following versions of Splunk® Enterprise: 7.3.0

