splunk_handler
splunk_handler fails silently if port is wrong
Spent quite a while debugging this and identified some issues:
- The whole application fails silently if the port is wrong
- This happens even with debug mode enabled:
I think this is because the try-catch block here triggers: https://github.com/zach-taylor/splunk_handler/blob/28d64d081a6da0752411ba07094a248773918e5e/splunk_handler/init.py#L259-L277
But for some reason the `except` never fires - I can't get anything to run in that `except` block, and even adding another `except` or a `finally` block doesn't seem to run. This one is a bit beyond me, but I wonder if the requests/sessions module is somehow sending a terminate signal instead of an exception of some kind.
This is with the following versions:
```
python --version
Python 3.10.6
pip list | grep splunk
splunk-handler 3.0.0
```
This all came about because I didn't realise that Splunk Cloud has a different default port for the HEC (443) compared to Splunk Cloud Free and Splunk Enterprise (which use 8088).
I ended up making a minimum viable program to test/debug this:
```python
# main.py
from modules.constants import *
from modules.logging import *


def main():
    # Emits one record, which the SplunkHandler queues for delivery to the HEC
    logger.info("Starting application.")


if __name__ == '__main__':
    main()
```

```python
# logging.py
import logging

from modules.constants import *
from splunk_handler import SplunkHandler

DEFAULT_LOGGING_FORMAT = '%(levelname)s: %(message)s'

logger = logging.getLogger("MyProgram")
logger.setLevel(logging.DEBUG)

# Outputs logs to Splunk
splunk = SplunkHandler(
    host=SPLUNK_URL,
    port='8088',  # the port that turned out to be wrong for Splunk Cloud (443)
    token=SPLUNK_HEC_TOKEN,
    index=SPLUNK_DEV_INDEX,
    debug=True,
    # url=SPLUNK_HEC_URL
)

# logger.addHandler(handler)
logger.addHandler(splunk)
```
Side note: debugging this was made extra difficult because for some reason VS Code was refusing to honour break points set throughout most of the `splunk_handler/__init__.py` module, even with `"justMyCode": false,` set. E.g. for some reason I could set a breakpoint on line 109 and it would work fine, but break points set anywhere inside the `_splunk_worker` function were ignored. Again, this is beyond me a bit.
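An added example, not part of the original issue or of the splunk_handler project: a start-up check that turns an unreachable HEC port into a visible error before the handler is attached, so a wrong port cannot quietly drop every log record. The names `probe_port` and `preflight_hec` are hypothetical, and the check is a plain TCP connect, which assumes the HEC host is reached directly rather than through an HTTP proxy.

```python
import socket

# Ports named in the issue: 443 for Splunk Cloud, 8088 for Splunk Cloud Free
# and Splunk Enterprise.
HEC_PORTS = (443, 8088)


def probe_port(host, port, timeout=3.0):
    """Classify a TCP connect attempt as 'open', 'refused', 'timeout' or 'error: ...'."""
    try:
        with socket.create_connection((host, int(port)), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        # A filtered port usually shows up here: packets are dropped, nothing answers.
        return "timeout"
    except OSError as exc:
        # DNS failure, unreachable network, and similar.
        return f"error: {exc}"


def preflight_hec(host, port, timeout=3.0, candidates=HEC_PORTS):
    """Return the port as int if reachable, else raise ConnectionError with a hint.

    Call this before constructing the log handler (hypothetical usage):
        port = preflight_hec(SPLUNK_URL, '8088')
    """
    status = probe_port(host, port, timeout)
    if status == "open":
        return int(port)
    # The configured port failed: check whether another known HEC port answers.
    alternatives = [
        p for p in candidates
        if p != int(port) and probe_port(host, p, timeout) == "open"
    ]
    hint = f"; reachable instead: {alternatives}" if alternatives else ""
    raise ConnectionError(f"HEC {host}:{port} is {status}{hint}")
```

An open port only proves that something is listening; it does not validate the HEC token or the index.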