Splunk® Enterprise

Python 3 Migration

Splunk Enterprise version 8.1 will no longer be supported as of April 19, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Python with Splunk Enterprise Security

Enterprise Security (ES) version 5.3.x and earlier are compatible with Python 2 only. ES version 6.0.x begins the transition to Python 3, but is not completely dual compatible with Python 2 and Python 3. ES version 6.1.x is compatible with Python 3 only.

For more information about Splunk ES, see Splunk Products Version Compatibility Matrix.

Splunk Enterprise Security version 5.3.x and Python compatibility

Splunk Enterprise Security versions 5.3.1 and earlier are not compatible with Splunk Enterprise version 8.x and Python 3.

Splunk Enterprise Security version 6.0.x and Python compatibility

Splunk Enterprise Security version 6.0.x is compatible with various versions of Splunk Enterprise 7.2.x through 8.x. The following flag is available in the ES 6.0.x specification files: 

 python.version = {default|python|python2|python3}

However, this release is not completely dual Python 2 and Python 3 compatible. In Splunk Enterprise 8.x, it requires the Python 2 interpreter that ships with 8.x. Various configuration files are set python.version = python2 on purpose. If using Splunk Enterprise 8.x, do not set the python.version flags to python3 or run in strict python3 mode at this time.

Enterprise Security 6.0.x is the last major release that is compatible with Python 2 and with Machine Learning Toolkit 4.0.

Splunk Enterprise Security version 6.1.x and higher and Python compatibility

Splunk Enterprise Security version 6.1.x and higher is compatible with Splunk Enterprise version 8.x. The following flag is available in the ES 6.1.x and higher specification files: 

 python.version = python3

ES 6.1.x and higher is Python 3 compatible only. Various configuration files are set python.version = python3 on purpose. Do not change these flags at this time.

ES 6.1.x and higher is compatible with Machine Learning Toolkit 5.0 and higher only. The previously generated models from MLTK 4.x are not compatible and have to be regenerated. See Update Splunk MLTK models for Python 3 for information about rebuilding models.

Last modified on 06 February, 2024
Splunk Cloud Platform   Python 3 migration with ITSI

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 8.0.0, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 7.3.9, 8.0.1, 8.0.10, 8.0.2

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters