https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144939#M14587 <P>This is easy to do with the REST API Modular Input.</P> <P>Download and untar to SPLUNK_HOME/etc/apps : <A href="http://apps.splunk.com/app/1546/">http://apps.splunk.com/app/1546/</A></P> <P>Then setup a stanza like the example below (for searching for tweets).</P> <P>Replace the oauth values with your own.</P> <P>Change the twitter query in the url_args to the tweets you want to search for.</P> <P>You can also add additional stanzas for other <A href="https://dev.twitter.com/docs/api/1.1">Twitter REST API endpoints</A>.</P> <PRE><CODE>[rest://My Tweets] auth_type = oauth1 endpoint = <A href="https://api.twitter.com/1.1/search/tweets.json" target="test_blank">https://api.twitter.com/1.1/search/tweets.json</A> http_method = GET index = main index_error_response_codes = 1 oauth1_access_token = XXXXXXXXXXXXX oauth1_access_token_secret = XXXXXXXXXXXXX oauth1_client_key = XXXXXXXXXXXXX oauth1_client_secret = XXXXXXXXXXXXX polling_interval = 30 response_handler = TwitterEventHandler response_type = json sourcetype = rest_twitter streaming_request = 0 url_args = q=#splunk disabled = 1 </CODE></PRE> Sat, 16 Nov 2013 13:31:10 GMT Damien_Dallimor 2013-11-16T13:31:10Z https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144938#M14586 <P>Hello Splunk community! I'm new to Splunk and I would like to be able to access and index data from my own Twitter account. It looks like the perfect example is the Twitted&gt;input.py program. After taking a look at the README from the twitted folder, I successfully added the app to the Splunk web interface.</P> <P>When I run:</P> <PRE><CODE>python input.py </CODE></PRE> <P>I'm prompted my username and password. I entered my personal Twitter account credentials but I was hit with</P> <PRE><CODE>Initializing Splunk .. Listening (and sending data to localhost:9001).. Error: There was an error logging in to Twitter: HTTP Error 401 (Unauthorized) </CODE></PRE> <P>I came across this forum post: </P> <P><A href="http://answers.splunk.com/answers/74633/data-not-going-to-splunk">http://answers.splunk.com/answers/74633/data-not-going-to-splunk</A></P> <P>but after checking my .splunkrc file and making sure my original input.py file was unedited, everything seems like it should work.</P> <P>Just for some additional info, I'm running Splunk enterprise 6.0, and using the python sdk 1.1. While I run this, I'm logged onto the Splunk web interface.</P> <P>If anyone can offer a few words of advice, I would greatly appreciate it!</P> Fri, 15 Nov 2013 20:56:07 GMT https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144938#M14586 pwong591 2013-11-15T20:56:07Z https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144939#M14587 <P>This is easy to do with the REST API Modular Input.</P> <P>Download and untar to SPLUNK_HOME/etc/apps : <A href="http://apps.splunk.com/app/1546/">http://apps.splunk.com/app/1546/</A></P> <P>Then setup a stanza like the example below (for searching for tweets).</P> <P>Replace the oauth values with your own.</P> <P>Change the twitter query in the url_args to the tweets you want to search for.</P> <P>You can also add additional stanzas for other <A href="https://dev.twitter.com/docs/api/1.1">Twitter REST API endpoints</A>.</P> <PRE><CODE>[rest://My Tweets] auth_type = oauth1 endpoint = <A href="https://api.twitter.com/1.1/search/tweets.json" target="test_blank">https://api.twitter.com/1.1/search/tweets.json</A> http_method = GET index = main index_error_response_codes = 1 oauth1_access_token = XXXXXXXXXXXXX oauth1_access_token_secret = XXXXXXXXXXXXX oauth1_client_key = XXXXXXXXXXXXX oauth1_client_secret = XXXXXXXXXXXXX polling_interval = 30 response_handler = TwitterEventHandler response_type = json sourcetype = rest_twitter streaming_request = 0 url_args = q=#splunk disabled = 1 </CODE></PRE> Sat, 16 Nov 2013 13:31:10 GMT https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144939#M14587 Damien_Dallimor 2013-11-16T13:31:10Z https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144940#M14588 <P>Thank you Damien for helping me find a solution to the problem. I'll work with the REST API from now on. </P> <P>Although, I still wonder what was wrong with the sample program/set up.</P> Sat, 16 Nov 2013 22:41:40 GMT https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144940#M14588 pwong591 2013-11-16T22:41:40Z https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144941#M14589 <P>Probably because BASIC Auth is no longer supported for the streaming API : <A href="https://dev.twitter.com/docs/streaming-apis/streams/public">https://dev.twitter.com/docs/streaming-apis/streams/public</A></P> Sun, 17 Nov 2013 03:39:02 GMT https://community.splunk.com/t5/Security/Twitted-input-py-HTTP-Error-401-Unauthorized/m-p/144941#M14589 Damien_Dallimor 2013-11-17T03:39:02Z