All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Getting Session key for app built using add-on builder

ramesh_babu71
Path Finder
‎12-14-2017 10:11 PM

Hello All,

We created a scripted input using Python which connects to Splunk REST API using session key which it automatically gets using below code

sessionKey = sys.stdin.readline().strip()

However when we migrated to Splunk add-on builder the above code doesn't work even with below code in inputs.conf

passAuth = admin

Currently we are able to get session key only by sending authentication request (with Splunk username and password) and then stripping the Session Key from the response we receive. However we feel this method inadequate as our distributed environment has different credentials which makes administration of such Splunk App time consuming and frustrating.

Please let us know if there methods (supported by addon builder) wherein we can get the session key without sending an auth request (Just like in normal scripted input way)

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

asieira
Path Finder
‎12-15-2017 04:49 AM

The ideal way of interacting with the rest of Splunk when you use the add-on builder is to use the Python helper object. It allows you to save state using the KV store (which it calls check point data), for example. without resorting to acessing the REST API directly. You can also read configuration provided by the user without needing to use the Splunk REST API to read directly from configuration files.

Still, if you need to access the Splunk REST API for other purposes, take a look at its implementation on the generated add-on code under bin/<TA name>/modinput_wrapper/base_modinput.py. It seems that accessing helper.context_meta['session_key'] should work. Keep in mind, however, that this is an undocumented field that could be removed or renamed in future versions of the add-on builder.

View solution in original post

Reply
Solved! Jump to solution
Solution

asieira
Path Finder
‎12-15-2017 04:49 AM

The ideal way of interacting with the rest of Splunk when you use the add-on builder is to use the Python helper object. It allows you to save state using the KV store (which it calls check point data), for example. without resorting to acessing the REST API directly. You can also read configuration provided by the user without needing to use the Splunk REST API to read directly from configuration files.

Still, if you need to access the Splunk REST API for other purposes, take a look at its implementation on the generated add-on code under bin/<TA name>/modinput_wrapper/base_modinput.py. It seems that accessing helper.context_meta['session_key'] should work. Keep in mind, however, that this is an undocumented field that could be removed or renamed in future versions of the add-on builder.

Reply
Solved! Jump to solution

ramesh_babu71
Path Finder
‎12-15-2017 05:35 AM

Thanks Alexandre. This worked like charm !!!

These info should have been available in Splunk AoB docs.

Reply
Solved! Jump to solution

starcher
Influencer
‎12-15-2017 10:27 AM

I have some of these patterns for AOB and without it here.

http://www.georgestarcher.com/splunk-stored-encrypted-credentials/

Reply
Solved! Jump to solution

asieira
Path Finder
‎12-15-2017 11:06 AM

Great article, thanks for sharing!

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...