
TA-WebTools - Syntax question

JoeCallen
Explorer

I have reviewed the curl command syntax in the details section of the Add-on download page but was not able to discern how to pass the following to the "| curl" command:

1) How can I pass the equivalent of "-k" or "--insecure"?
2) How do I pass 2 headers in the same command line?
From the LINUX prompt, my command looks like this: 
 
curl -X POST -H "Content-Type: application/json" -H "UUID: e42eed31-65bb-4283-ad05-33f18da75513" -k "https://abc.com/X1"  -d "{ lots of data }"


splunkreal
Motivator

Hello @jkat54 please have a look at https://community.splunk.com/t5/All-Apps-and-Add-ons/Error-401-with-Webtools-v3-1-2-and-username-pas... thanks for your help!

* If this helps, please upvote or accept solution if it solved *
0 Karma

schose
Builder

Hi Joe,

there is a command documentation in default/searchbnf.conf

[curl-command]
syntax = CURL [choice:URI=<uri> OR URIFIELD=<urifield>] [optional: METHOD=<GET|PATCH|POST|PUT|DELETE> VERIFYSSL=<TRUE|FALSE> DATAFIELD=<field_name> DATA=<data> HEADERFIELD=<json_header_field_name> HEADERS=<json_header> USER=<user> PASS=<password> DEBUG=<true|false> SPLUNKAUTH=<true|false> SPLUNKPASSWDNAME=<username_in_passwordsconf> SPLUNKPASSWDCONTEXT=<appcontext (optional)> TIMEOUT=<float>]

-k = "VERIFYSSL=FALSE"
headers="{\"content-type\":\"application/json\"}"

best regards,

Andreas

0 Karma
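An added example, not part of the thread or of the add-on's own code: a Python helper that maps the curl options from the question (-X, -H given twice, -d, -k) onto the `| curl` arguments listed in searchbnf.conf, merging both headers into the single JSON object that HEADERS takes. The lowercase argument names follow the replies in this thread; the function names, the quoting of SPL string values with backslash-escaped double quotes, and the short request body are assumptions.

```python
import json
import shlex

def spl_quote(value):
    """Wrap a value in double quotes for SPL, escaping backslashes and quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def curl_to_spl(command_line):
    """Translate the curl options -X, -H, -d and -k into a '| curl' search string."""
    argv = shlex.split(command_line)
    if not argv or argv[0] != "curl":
        raise ValueError("expected a command line starting with 'curl'")
    method, uri, data, verify, headers = None, None, None, True, {}
    args = iter(argv[1:])
    for arg in args:
        if arg in ("-k", "--insecure"):
            verify = False
        elif arg in ("-X", "--request", "-H", "--header", "-d", "--data"):
            value = next(args, None)
            if value is None:
                raise ValueError(arg + " needs a value")
            if arg in ("-X", "--request"):
                method = value.upper()
            elif arg in ("-H", "--header"):
                name, sep, content = value.partition(":")
                if not sep:
                    raise ValueError("malformed header: " + repr(value))
                headers[name.strip()] = content.strip()  # every -H lands in one dict
            else:
                data = value
        elif arg.startswith("-"):
            raise ValueError("option not handled here: " + arg)
        else:
            uri = arg
    if uri is None:
        raise ValueError("no URL found")
    method = method or ("POST" if data is not None else "GET")  # curl's own default
    parts = ["| curl", "method=" + method, "uri=" + spl_quote(uri)]
    if headers:
        parts.append("headers=" + spl_quote(json.dumps(headers, separators=(",", ":"))))
    if data is not None:
        parts.append("data=" + spl_quote(data))
    if not verify:
        parts.append("verifyssl=false")  # emitted only when -k was given
    return " ".join(parts)

# The command from the question, with a constructed short body in place of "lots of data".
SAMPLE = ('curl -X POST -H "Content-Type: application/json" '
          '-H "UUID: e42eed31-65bb-4283-ad05-33f18da75513" -k "https://abc.com/X1" -d "{\\"k\\": 1}"')
```
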

JoeCallen
Explorer

Andreas, thanks for the quick response.

Unfortunately, I am using Splunk Cloud, and I see in your "curl.py" file that VERIFYSSL is "Forced to be True for Splunk Cloud Compatibility".

So, while "curl -k" works from the LINUX command line on my Splunk server,  in Splunk SPL the "| curl verifyssl=false" is overridden in the add-on's python code.

Is there any way to override ??? If not, I will have to find another way to do this, as I am constrained by my environment.

0 Karma

schose
Builder

Hi Joe,

yes, you can download the app, patch it and upload it as a private app.

Cheers,

Andreas
