All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

TA-WebTools - Syntax question

JoeCallen
Explorer
‎08-09-2024 10:20 AM

I have reviewed the curl command syntax in the details section of the Add-on download page but was not able to discern how pass the following to the "| curl" command

1) How can I pass the equivalent of:   '-k" or "--insecure'  ?
2) How do I pass 2 headers in the same command line ? 
From the LINUX prompt, my command looks like this: 
 
curl -X POST -H "Content-Type: application/json" -H "UUID: e42eed31-65bb-4283-ad05-33f18da75513" -k "https://abc.com/X1"  -d "{ lots of data }"

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

schose
Builder
‎08-12-2024 03:30 PM

Hi Joe,

yes, you can download the app, patch it and upload it as a private app.

Cheers,

Andreas

View solution in original post

Reply
Solved! Jump to solution

splunkreal
Motivator
yesterday

Hello @jkat54 noticed in splunkbase release notes "-Removed ability to specify user and pass with the command, use splunkpasswdname & splunkpasswdcontext OR token=<token> OR splunkauth=true instead."

You should update the curl commands on Details tab of splunkbase app as this is misleading.

For the moment using v3.1.2 could only make work using token not username/password. Getting error 401 when it works correctly with CLI curl command. I'm using "REST storage/passwords Manager for Splunk"

 

syntax: | curl method=get uri="https://xxx/internalqueries?queryguid={3A798982-3D8F-465C-BB01-9E90CE4D3B4D}&filterguid={73B09AC4-6C...}" splunkpasswdname="api.xxx" splunkauth=f

 

I could make it work using v3.1.0 so maybe there is a bug with latest version?

 

Thanks for your help and thank you for this app!

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Solved! Jump to solution

schose
Builder
‎08-10-2024 06:29 AM

Hi Joe,

there is a command documentation in default/searchbnf.conf

[curl-command]
syntax = CURL [choice:URI=<uri> OR URIFIELD=<urifield>] [optional: METHOD=<GET|PATCH|POST|PUT|DELETE> VERIFYSSL=<TRUE|FALSE> DATAFIELD=<field_name> DATA=<data> HEADERFIELD=<json_header_field_name> HEADERS=<json_header> USER=<user> PASS=<password> DEBUG=<true|false> SPLUNKAUTH=<true|false> SPLUNKPASSWDNAME=<username_in_passwordsconf> SPLUNKPASSWDCONTEXT=<appcontext (optional)> TIMEOUT=<float>]

-k = "VERIFYSSL=FALSE"
headers="{\"content-type\":\"application/json\"}"

best regards,

Andreas

0 Karma
Reply
Solved! Jump to solution

JoeCallen
Explorer
‎08-12-2024 10:23 AM

Andreas, thank for the quick response.  

Unfortunately, I am using Splunk Cloud, and I see in your "curl.py" file that VERIFYSSL is "Forced to be True for Splunk Cloud Compatibility".

So, while "curl -k" works from the LINUX command line on my Splunk server,  in Splunk SPL the "| curl verifyssl=false" is overridden in the add-on's python code.

Is there any way to override ??? If not, I will have to find another way to do this, as I am constrained by my environment.

0 Karma
Reply
Solved! Jump to solution
Solution

schose
Builder
‎08-12-2024 03:30 PM

Hi Joe,

yes, you can download the app, patch it and upload it as a private app.

Cheers,

Andreas

Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...