Re: Rest API Modular Inpu with Basic Auth

Pierzapin · ‎11-14-2013

Hi Damien,

I'm trying to poll the API for a RabbitMQ management console using your REST API Modulaor Input. I have another generic (unauthenticated API) working perfectly with Json data returning perfectly, so install and splunk permissions seem fine. When hitting the RabbitMQ API (using Basic Auth) the splunkd.log reports

2013-11-15 12:21:36,844 DEBUG [52855b00c57f10f45fd7d0] cplogging:55 - [15/Nov/2013:12:21:36] HTTP Traceback (most recent call last): File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/cherrypy/cprequest.py", line 606, in respond cherrypy.response.body = self.handler() File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/cherrypy/cpdispatch.py", line 25, in call return self.callable(*self.args, **self.kwargs) File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/routes.py", line 366, in default return route.target(self, **kw) File "", line 1, in File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 38, in rundecs return fn(*a, **kw) File "", line 1, in File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 107, in check return fn(self, *a, **kw) File "", line 1, in File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 156, in validateip return fn(self, a, *kw) File "", line 1, in File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 297, in preformssocheck return fn(self, a, *kw) File "", line 1, in File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 348, in checklogin return fn(self, *a, **kw) File "", line 1, in File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/decorators.py", line 369, in handleexceptions return fn(self, a, *kw) File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/search.py", line 487, in batchControl response = actionMethod() File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/search/init.py", line 730, in touch return self.execControl('touch') File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/search/init.py", line 693, in _execControl serverResponse, serverContent = rest.simpleRequest(uri, postargs=postargs, sessionKey=self.sessionKey) File "/opt/splunkprod1/splunk/lib/python2.7/site-packages/splunk/rest/init.py", line 483, in simpleRequest raise splunk.AuthorizationFailed(extendedMessages=uri) AuthorizationFailed: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/services/search/jobs/schedulercGllcnMuY2hhbWJlcmxhaW4searchRMD525bd0fa3f312c2...

Is this something you've seen before? Any Clues?

Thanks

Piers

Damien_Dallimor · ‎11-14-2013

Those errors messages have nothing to do with the REST API Modular Input.

REST API Modular Input errors messages would be found with : "index=_internal ExecProcessor error rest.py"

Furthermore , in the config page , if you check the "Index Error Response" option , any HTTP auth errors should get indexed for you to browse.

Rest API Modular Inpu with Basic Auth

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation