My company's Splunk instance is located on Splunk Cloud and authentication to Splunk Cloud is via an ADFS federation server. I have downloaded the Splunk PowerShell Resource Kit and PowerShell search cmdlets from Splunk. Using the documentation provided I am trying to connect to Splunk Cloud and run a query by running the following command:
$a = get-credential
search-splunk -Credential $a -host company.splunkcloud.com -searchstring 'search stuff'
I do not have a Splunk Cloud account, and when using the Splunk Cloud website I am redirected to my company's ADFS server first for authentication before I can interact with the website. So I am not sure how to authenticate to Splunk Cloud so that I can use the PowerShell cmdlets.
Any help with this would be most appreciated.
Thanks,
Joel
Have you tried this?
search-splunk -UseDefaultCredentials -host company.splunkcloud.com -searchstring 'search stuff'
@xavierashe Thank you for the response, but the search-splunk cmdlet that I am running does not have a -UseDefaultCredentials switch. I am running version 0.2.0 of the cmdlets. Is there a more updated version of the cmdlets that includes this switch?
Ah, I assumed that they had just extended Invoke-RestMethod. According to the GitHub, they no longer maintain the PowerShell Resource Kit. Take a look at this script and change
-Credential $MyCredential
to
-UseDefaultCredentials