All Apps and Add-ons

My dbxquery search via REST API results in "error code 1. Script output = "HTTPError: HTTP 404 Not Found" - how to fix?

johnwalk
Engager

attempting to query a database via the REST API (using python requests package) --

getting the session key works fine:

r = requests.post("<host>/services/auth/login",data={"username":<username>,"password":<password>},params={"output_mode":"json"})
sessionkey = r.json()['sessionKey']

and a relatively simple dbxquery call POSTs without error:

 r = requests.post("<host>/services/search/jobs",headers={"Authorization":"Splunk {}".format(sessionkey)},data={"output_mode":"json","query":"| dbxquery connection='MXProd' query='SELECT * FROM mx.mx.institutions'"})
sid = r.json()['sid']

for the job ID, with the query developed based on a matching query within the web browser frontend. However, trying to pull the result of the dbxquery down results in the error:

'External search command \'dbxquery\' returned error code 1. Script output = "HTTPError: HTTP 404 Not Found -- \n In handler \'conf-db_connections\': Could not find object id=\'MXProd\'\n"'

The same query ran without issue in the frontend, and I can't seem to find anything in the API examples that would point to the error -- but clearly I'm missing a step. Any ideas?

Running Splunk Enterprise 6.4.3 and Splunk DB Connect version 2.3.1

0 Karma
1 Solution

johnwalk
Engager

Solved issue -- based on the structure of the query, I was expecting search to be a KV parameter passed in through the data field of the POST query. Rather, the splunk search syntax should be preserved as the full string, with that passed in as the POST body, e.g.

r = requests.post("<host>/services/search/jobs",headers={"Authorization":"Splunk {}".format(sessionkey)},data="search = | dbxquery query=\"SELECT * FROM mx.mx.institutions\" connection=\"MXProd\"",params={"output_mode":"json"})

which works as expected.

View solution in original post

johnwalk
Engager

Solved issue -- based on the structure of the query, I was expecting search to be a KV parameter passed in through the data field of the POST query. Rather, the splunk search syntax should be preserved as the full string, with that passed in as the POST body, e.g.

r = requests.post("<host>/services/search/jobs",headers={"Authorization":"Splunk {}".format(sessionkey)},data="search = | dbxquery query=\"SELECT * FROM mx.mx.institutions\" connection=\"MXProd\"",params={"output_mode":"json"})

which works as expected.

klops
Explorer

backend dbx2.log showed something fairly generic. It almost looks as if the interpreter couldn't find the proper connection stanza in the db_connections.conf file:

2016-10-27T20:25:52+0000 [ERROR] [dbxquery.py], line 41 : action=dbxquery_command_failure error=HTTP 404 Not Found --
 In handler 'conf-db_connections': Could not find object id='MXProd'
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py", line 39, in wrap
    return func(*args, **kwargs)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py", line 256, in generate
    connection_info = self._retrieve_connection_info(user, session_key)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxquery.py", line 147, in _retrieve_connection_info
    db, self.db_health = ci.get_connection(self.connection, user, session_key)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/rest_api/connection_info.py", line 30, in get_connection
    dbm, conn = _get_conn_params(connection_name, service)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/rest_api/connection_info.py", line 64, in _get_conn_params
    conn = ConnectionConf(splunk_service, connection_name).content
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/connection_conf.py", line 10, in __init__
    client.Entity.__init__(self, service, path, **kwargs)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/client.py", line 872, in __init__
    self.refresh(kwargs.get('state', None))  # "Prefresh"
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/client.py", line 1011, in refresh
    self._state = self.read(self.get())
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/client.py", line 981, in get
    return super(Entity, self).get(path_segment, owner=owner, app=app, sharing=sharing, **query)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/client.py", line 738, in get
    **query)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 286, in wrapper
    return request_fun(self, *args, **kwargs)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 68, in new_f
    val = f(*args, **kwargs)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 660, in get
    response = self.http.get(path, self._auth_headers, **query)
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 1150, in get
    return self.request(url, { 'method': "GET", 'headers': headers })
  File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbx2/splunk_client/../../splunk_sdk-1.5.0-py2.7.egg/splunklib/binding.py", line 1205, in request
    raise HTTPError(response)
HTTPError: HTTP 404 Not Found --
 In handler 'conf-db_connections': Could not find object id='MXProd'
0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...