attempting to query a database via the REST API (using python requests
package) --
getting the session key works fine:
r = requests.post("<host>/services/auth/login",data={"username":<username>,"password":<password>},params={"output_mode":"json"})
sessionkey = r.json()['sessionKey']
and a relatively simple dbxquery
call POSTs without error:
r = requests.post("<host>/services/search/jobs",headers={"Authorization":"Splunk {}".format(sessionkey)},data={"output_mode":"json","query":"| dbxquery connection='MXProd' query='SELECT * FROM mx.mx.institutions'"})
sid = r.json()['sid']
for the job ID, with the query developed based on a matching query within the web browser frontend. However, trying to pull the result of the dbxquery down results in the error:
'External search command \'dbxquery\' returned error code 1. Script output = "HTTPError: HTTP 404 Not Found -- \n In handler \'conf-db_connections\': Could not find object id=\'MXProd\'\n"'
The same query ran without issue in the frontend, and I can't seem to find anything in the API examples that would point to the error -- but clearly I'm missing a step. Any ideas?
Running Splunk Enterprise 6.4.3 and Splunk DB Connect version 2.3.1
Solved issue -- based on the structure of the query, I was expecting search
to be a KV parameter passed in through the data
field of the POST query. Rather, the splunk search syntax should be preserved as the full string, with that passed in as the POST body, e.g.
r = requests.post("<host>/services/search/jobs",headers={"Authorization":"Splunk {}".format(sessionkey)},data="search = | dbxquery query=\"SELECT * FROM mx.mx.institutions\" connection=\"MXProd\"",params={"output_mode":"json"})
which works as expected.
Solved issue -- based on the structure of the query, I was expecting search
to be a KV parameter passed in through the data
field of the POST query. Rather, the splunk search syntax should be preserved as the full string, with that passed in as the POST body, e.g.
r = requests.post("<host>/services/search/jobs",headers={"Authorization":"Splunk {}".format(sessionkey)},data="search = | dbxquery query=\"SELECT * FROM mx.mx.institutions\" connection=\"MXProd\"",params={"output_mode":"json"})
which works as expected.
backend dbx2.log showed something fairly generic. It almost looks as if the interpreter couldn't find the proper connection stanza in the db_connections.conf file:
2016-10-27T20:25:52+0000 [ERROR] [dbxquery.py], line 41 : action=dbxquery_command_failure error=HTTP 404 Not Found --
In handler 'conf-db_connections': Could not find object id='MXProd'
Traceback (most recent call last):
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py", line 39, in wrap
return func(*args, **kwargs)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py", line 256, in generate
connection_info = self._retrieve_connection_info(user, session_key)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py", line 147, in _retrieve_connection_info
db, self.db_health = ci.get_connection(self.connection, user, session_key)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/rest_api/connection_info.py", line 30, in get_connection
dbm, conn = _get_conn_params(connection_name, service)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/rest_api/connection_info.py", line 64, in _get_conn_params
conn = ConnectionConf(splunk_service, connection_name).content
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/connection_conf.py", line 10, in __init__
client.Entity.__init__(self, service, path, **kwargs)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/client.py", line 872, in __init__
self.refresh(kwargs.get('state', None)) # "Prefresh"
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/client.py", line 1011, in refresh
self._state = self.read(self.get())
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/client.py", line 981, in get
return super(Entity, self).get(path_segment, owner=owner, app=app, sharing=sharing, **query)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/client.py", line 738, in get
**query)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 286, in wrapper
return request_fun(self, *args, **kwargs)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 68, in new_f
val = f(*args, **kwargs)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 660, in get
response = self.http.get(path, self._auth_headers, **query)
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 1150, in get
return self.request(url, { 'method': "GET", 'headers': headers })
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 1205, in request
raise HTTPError(response)
HTTPError: HTTP 404 Not Found --
In handler 'conf-db_connections': Could not find object id='MXProd'