Splunk® Enterprise

Upgrade Readiness

Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Scan a Splunk platform instance with the Splunk Python Upgrade Readiness App

Prerequisites

To run scans, a role must hold the admin_all_objects capability. See Manage permissions for the Python Upgrade Readiness App. Also ensure that the KV store is enabled.

Make sure to take performance factors into consideration. See Install the Python Upgrade Readiness App.

The Python Upgrade Readiness App version 2.0.0 no longer supports manual scans.

To scan your Splunk platform instance:

  1. The Python Upgrade Readiness App automatically scans all apps daily at 1 AM by default. Scan results appear automatically after the scan completes.
  2. Review the scan results for each app.
  3. (Optional) Click Export Results to export your scan results. You can choose to export in JSON format.
  4. (Optional) Click Email Result to email your scan results. Make sure to configure email settings. For configuration instructions, see Configure email notifications for your Splunk instance.

You can also run scans using the REST API. For more information, see the REST API reference for the Python Upgrade Readiness App.

Some Splunk apps are too large to scan. If you cannot scan a Splunk app, refer to the app's documentation for updates on Python 3 readiness.

Schedule a scan

The Python Upgrade Readiness App scans all apps daily at 1 AM by default. You can modify the app scan schedule, as follows:

  1. In Splunk Web, launch the Python Upgrade Readiness App.
  2. Click Manage Scan Schedule.
  3. Select Scan my apps on a custom schedule, then specify the scan interval.
  4. Click Save.

The scan schedule applies to both local search heads and remote indexers.

Disable the scan

You can disable the scan at any time, as follows:

  1. Click Manage Scan Schedule.
  2. Select Turn Scan Off.
  3. Click Save.
    Your request is saved to the KV Store, but the schedule change can take up to 2 hours to be reflected on the indexing tier.

After you disable the scan, you must explicitly enable it to rerun the scan at the defined interval. Changing the schedule in the Manage Scan Schedule dialog does not reenable the scan. Any modification to the scan schedule will be reflected on indexers (remote instances) and search heads (local instances) after 2 hours.

Disable app list updates

The Python Upgrade Readiness App pulls Splunkbase apps and metadata daily at 11 PM. You can disable automatic app list updates, as follows:

  1. Click Settings > Data inputs > Scripts.
  2. Find the pura_get_all_apps.py script in python_upgrade_readiness_app.
  3. Click Disable.

Disabling app list updates applies to standalone instances and not to Splunk Cloud Platform.

If you are running the Python Upgrade Readiness App in an air-gapped environment where automatic updates of the app list from Splunkbase are not possible, you can still run scans, but the app list will be limited to the apps packaged with the app.

Act on scan results

Public Apps

Review and act on the scan results for all of your public apps. Public apps are apps that are available on Splunkbase.

The Python Upgrade Readiness App scan results of public apps include Splunk-supported apps and third-party apps supported by partners and developers. App owners are responsible for updating their apps and releasing new versions that meet the upgrade readiness requirements of the Splunk Enterprise Python 3 release.

If you've extended an app or customized anything locally, review the results for any custom file paths that you've added to that app and take action on those to prepare for the upgrade. Otherwise, you can wait for the app owner to make updates.

For third-party apps, you can contact the developer directly using their contact details on Splunkbase to learn more about their upgrade plans. If the developer does not plan to update the app, you can make the updates yourself using the guidance in the private scan checks.

If you have a version of a public app that is not compatible with Splunk Enterprise 8.0 and later and Python 3, but a compatible version is available, then the scan results will direct you to download that version from Splunkbase to pass the check.

The Public App status will fail and display a warning icon for any public app that does not have a version available in the splunkbase.csv list. This list is shipped with the app and updated in the 11PM GMT sync to Splunkbase. In the event that a connection to Splunkbase fails, the most recent or the shipped .csv will be used in respective order as a failsafe.

Private apps

Review and act on the scan results for all of your private apps. Private apps are apps that are private to your organization and not available on Splunkbase.

Resolve blocking issues in your private apps and your customized Splunkbase apps, if any, as these will block successful upgrade to the Splunk Enterprise Python 3 release. Check all other file paths flagged by the app and determine what actions you must take to make them upgrade ready.

If one or more checks in an app is marked "SKIPPED", this means that the Python Upgrade Readiness App wasn't able to complete the check due to the way the app is packaged. You can repackage the app using the Splunk Packaging Toolkit and run the scan again, or check for the upgrade compatibility issues manually. For more information, see Overview of the Splunk Packaging Toolkit on the Splunk developer portal.

Apps that are compatible with Splunk Enterprise 8.0 and higher, and Python 3, are marked as "PASSED", and you may not need to take any further action. It is still recommended to test the app thoroughly.

Update Mako templates

In the Splunk Enterprise Python 3 release, some app server components of Splunk Web will use the Python 3.7 interpreter. Update all Mako templates to be Python 3 compatible so they will work on Splunk Web in the new release. If you want the app to continue to work on previous Splunk platform releases, make the syntax dual compatible with Python 2 and 3. If your organization requires you to remove Python 2 syntax completely by a certain date, you can rewrite the Mako templates to use dual-compatible syntax as an intermediate step during your upgrade process, then rewrite them to use Python 3 syntax at a later time.

Update all other Python files

The Splunk Enterprise Python 3 release will initially include interpreters for both Python 2 and 3. In that release, for all Python code not dependent on Splunk Web or the app server, Splunk platform administrators can choose to use either interpreter by default and on a script-by-script basis. In a later release, Splunk plans to remove the Python 2 interpreter.

As a best practice, update Python files in your apps to be compatible with both Python 2 and 3 so that they are backwards compatible with previous releases, compatible with either Python interpreter in the Splunk Enterprise Python 3 release, and compatible with future releases when the Splunk platform removes the Python 2 interpreter. If your organization requires you to remove Python 2 syntax completely by a certain schedule, rewrite them using Python 3 syntax.

To make Python scripts dual compatible, use a Python 2/3 compatibility utility such as six, provided by the Python Software Foundation. For more about the six library, see https://pypi.org/project/six/.

If the Python Upgrade Readiness App identifies one or more Python scripts that are used in scripted alerts, convert those scripted alerts to custom alert actions. Scripted alerts are deprecated and might not work in future releases of the Splunk platform. See Convert a script alert action to a custom alert action in Developing Views and Apps for Splunk Web, but note that the script example shown for the custom alert action has not yet been revised to demonstrate dual-compatible Python syntax.

Dismiss file paths

The Python Upgrade Readiness App lets you dismiss individual file paths from the scan results. Dismiss files that you have verified are already Python 3 compatible so that you can narrow the list to files that still need your attention.

When you dismiss a file path, the file path moves to the "Dismissed File Paths" table and won't be accounted as a failure in subsequent scans. If you dismiss all impacting file paths, the app status will change from fail to pass.

If you dismiss a path by accident and want to reinstate it in future scans, you must delete the Python Upgrade Readiness App from your Splunk platform instance and then reinstall it.

Public and Private apps

Python SDK check

The Python Upgrade Readiness App also scans for the older version of SDK in any app. Any app having a SDK with a version lower than 1.6.14 packaged, will fail.

Dismiss apps

The Python Upgrade Readiness App lets you dismiss an app from the scan results. Dismiss an app after you verify its Python 3 compatibility to narrow the list of apps that still require attention.

Dismissing an app marks the app as an Exception, and the app will not be accounted as a failure in subsequent scans. After you dismiss an app, you can still execute scans on that app and view results.

Disable email notification

The Python Upgrade Readiness App sends an email notification to the admin or sc_admin users, which summarizes the count of failed apps during the latest scan. The app sends this notification at 6 AM every Monday based on the Splunk system time zone. You can disable email notification, as follows:

  1. In Splunk Web, click Settings > Data inputs > Script.
  2. Search for the pura_send_email.py script in python_upgrade_readiness_app and click Disable.

Disabling email notifications applies to standalone instances not to Splunk Cloud Platform

Last modified on 21 January, 2022

This documentation applies to the following versions of Splunk® Enterprise: 8.0.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters