All Apps and Add-ons

Web Tools Add on (TA-webtools) curl command throws an error on version 1.2.3

gjanders
SplunkTrust
SplunkTrust

After running:
| curl method=post uri=https://localhost:8089/ splunkauth=true

I'm receiving an error, a check of the python.log shows me:

 2019-04-05 03:17:21,946 +0000 ERROR     curl:287 - bad operand type for unary +: 'str'. Traceback: Traceback (most recent call last):
 File "/opt/splunk/etc/apps/TA-webtools/bin/curl.py", line 123, in execute
   + "\texample: curl method=get verifyssl=true uri=https://localhost:8089 " \
TypeError: bad operand type for unary +: 'str'

I found line 86 was an issue, along with line 58, I added the if headers == None line as the below to force the headers to not be None

 86             if headers == None:
 87                 headers = {}
 88             headers["Authorization"] =  'Splunk %s' % sessionKey

if they were not set, otherwise the curl command just doesn't work!

Otherwise great application, thanks for creating it!

Tags (1)
1 Solution

jkat54
SplunkTrust
SplunkTrust

Thanks for posting the solution @gjanders!

I got a little ahead of myself on the last release and didnt test the non-splunk auth methods of the curl SPL command.

Version 1.2.3 works fine if you use splunkauth because that fork in the code doesnt have the bug. The solution for now is to edit /bin/curl.py and add headers={} before the authorization header is added headers["Authorization"] = 'Splunk %s' % sessionKey as shown below:

headers={}
headers["Authorization"] =  'Splunk %s' % sessionKey

Be mindful of your indentation if you decide to patch curl.py yourself. This bug appears in the definitions/functions named get(), head() post() and delete() near the top of curl.py.

I'll release a new patch soon.

View solution in original post

suser2019
Explorer

I am using this app https://splunkbase.splunk.com/app/4146
The curl command is not picking up method=POST and always returning error 405 and
{"error":{"detail":"GET method not supported for API","message":"Method not Supported"},"status":"failure"}

I used this command
| eval header="{\"Content-Type\":\"application/json\", \"Accept\":\"application/json\"}"
| curl method=post uri= user= pass= headerfield= header

Now I am not sure how to make a POST call to an external API from Splunk search. Every time it is being detected as GET.

0 Karma

gjanders
SplunkTrust
SplunkTrust

Please create a new question for this if you need help

0 Karma

suser2019
Explorer
0 Karma

suser2019
Explorer

Testing the splunk add on for service-now app..

0 Karma

suser2019
Explorer

it is working

0 Karma

jkat54
SplunkTrust
SplunkTrust

Thanks for posting the solution @gjanders!

I got a little ahead of myself on the last release and didnt test the non-splunk auth methods of the curl SPL command.

Version 1.2.3 works fine if you use splunkauth because that fork in the code doesnt have the bug. The solution for now is to edit /bin/curl.py and add headers={} before the authorization header is added headers["Authorization"] = 'Splunk %s' % sessionKey as shown below:

headers={}
headers["Authorization"] =  'Splunk %s' % sessionKey

Be mindful of your indentation if you decide to patch curl.py yourself. This bug appears in the definitions/functions named get(), head() post() and delete() near the top of curl.py.

I'll release a new patch soon.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...