Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I not getting sessionKey while using custom search command

pjvarjani
Path Finder
‎10-30-2014 03:48 AM

I am having two apps, Main app and Add-On app.

Add-On app contains one data collector script which works as splunk data input script and feeds data to splunk.

This data collector script is being executed at regular intervals and each time it gets sessionkey from splunk and uses it to fetch the encrypted credentials.

I have also added Custom search command in main app, there is one wrapper script for custom search command in main app, which will collect command and options and pass it to the data collector script of Add-On app.

But, whenever data collector script is being called by this wrapper, it is not able to get the sessionKey from splunk.

Below are the contents of commands.conf for custom search command.

[customCollect]

filename = customCollect.py

supports_getinfo=true

generating=true

supports_rawargs = true

outputheader = true

enableheader = true

passauth = true

streaming = false

retainsevents = true

changes_colorder = true

overrides_timeorder = false

In data collector script, I have tried below given two approaches to get sessionkey but none of them is working.

1) results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

   sessionKey = settings.get("sessionKey", None)

2) sessionKey = sys.stdin.readline().strip()

Reply

BernardEAI
Communicator
‎11-16-2020 04:46 AM

Did you ever manage to get a solution to this? I can also get the sessionKey with 

auth.getSessionKey('admin','<password for admin>')

but I also don't want to hardcode the password. 

0 Karma
Reply

tpeveler_splunk
Splunk Employee
Splunk Employee
‎02-04-2019 08:49 PM

See https://answers.splunk.com/answers/434017/how-to-get-session-key-in-a-search-script-script-s

I successfully implemented the approach specified in the Accepted Answer and was able to get the sessionKey when executing a custom search command.

0 Karma
Reply

marcolesh
Path Finder
‎08-21-2018 10:25 AM 
import urllib2
import urllib
import httplib2

myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
baseurl = 'https://127.0.0.1:8089'

searchjob = self.myhttp.request(self.baseurl + '/services/search/jobs','POST', headers={'Authorization': 'Splunk %s' % self._metadata.searchinfo.session_key},body=urllib.urlencode({'search': searchquery}))[1]

Using the code above you can get logged in splunkd using token session of logged user

0 Karma
Reply

mkhan_splunk
New Member
‎05-29-2018 03:09 AM

Hi,
Did you find any solution, I am facing same issue

0 Karma
Reply

marcolesh
Path Finder
‎08-16-2018 01:15 PM

Hi mkhab_splunk did you find any solution. I'm facing same problem

0 Karma
Reply

TonyLeeVT
Builder
‎04-06-2017 04:48 PM

I have been able to get the sessionKey by doing this:

import splunk.auth as auth

sessionKey = auth.getSessionKey('admin','<password for admin>')

It may help in your troubleshooting, but if you have to hard code the admin credentials to get access to other credentials, what is the point... This is very frustrating because it seems that the behavior may have changed from Splunk v4 -> Splunk v6.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...