Splunk Dev

How to log in to Splunk using the Splunk Python SDK?

reachvgupta
New Member

I am trying to log in and search users from a windows machine on Splunk server using Splunk python SDK over HTTP, but getting some errors. Please find Logs below ( HTTP Request / Response ) .

c:\Users\vgupta13\Downloads\splunk-sdk-python-master\examples>C:\Python27\python.exe search.py "search vgupta13 " --output_mode=csv --verbose=verbose
{'body': 'username=vgupta13&password=*******', 'headers': [('Content-Type', 'application/x-www-form-urlencoded')], 'method': 'POST'}

send: 'POST /services/auth/login HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 35\r\nContent-Type: application/x-www-form-urlencoded\r\nHost: ficcspl
unk\r\nAccept: */*\r\nUser-Agent: splunk-sdk-python/0.1\r\n\r\nusername=vgupta13&password=*******'
Get the response from the server.
HTTPResponse init
------------------begin
reply: 'HTTP/1.1 303 See Other\r\n'
header: Server: CherryPy/3.1.2
header: Location: http://splunkserver/en-US/services/auth/login
header: Content-Type: text/html;charset=utf-8
header: Content-Length: 132
header: Date: Mon, 13 Apr 2015 12:02:52 GMT
header: Set-Cookie: session_id_8000=4f0020a7bf9fe5c60abcddbdf6a6e037a4a3d35a; expires=Tue, 21 Apr 2015 12:02:52 GMT; httponly; Path=/




send: 'GET /servicesNS/nobody/alert/search/parser?q=search+vgupta13+&parse_only=True HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 0\r\nHost: ficcspl
unk\r\nAccept: */*\r\nUser-Agent: splunk-sdk-python/0.1\r\n\r\n'
***Get the response from the server.***
HTTPResponse init
------------------begin
reply: 'HTTP/1.1 303 See Other\r\n'
header: Server: CherryPy/3.1.2
header: Location: http://splunkserver/en-US/servicesNS/nobody/alert/search/parser?q=search+vgupta13+&parse_only=True
header: Content-Type: text/html;charset=utf-8
header: Content-Length: 246
header: Date: Mon, 13 Apr 2015 12:02:52 GMT
header: Set-Cookie: session_id_8000=79ff553379c53a3dac1846f27c065d3561cd3f3c; expires=Tue, 21 Apr 2015 12:02:52 GMT; httponly; Path=/


{'body': 'search=search+vgupta13+', 'headers': [('Content-Type', 'application/x-www-form-urlencoded')], 'method': 'POST'}

send: 'POST /servicesNS/nobody/alert/search/jobs/ HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 23\r\nContent-Type: application/x-www-form-urlencoded
\r\nHost: splunkserver\r\nAccept: */*\r\nUser-Agent: splunk-sdk-python/0.1\r\n\r\nsearch=search+vgupta13+'
Get the response from the server.
HTTPResponse init
------------------begin
reply: 'HTTP/1.1 303 See Other\r\n'
header: Server: CherryPy/3.1.2
header: Location: http://splunkserver/en-US/servicesNS/nobody/alert/search/jobs
header: Content-Type: text/html;charset=utf-8
header: Content-Length: 164
header: Date: Mon, 13 Apr 2015 12:02:53 GMT
header: Set-Cookie: session_id_8000=d67ebfa9d64e26c2be64a6943b6d93abc5839d5e; expires=Tue, 21 Apr 2015 12:02:53 GMT; httponly; Path=/


self.fp
Traceback (most recent call last):
  File "search.py", line 115, in 
    main(sys.argv[1:])
  File "search.py", line 80, in main
    job = service.jobs.create(search, **kwargs_create)
  File "..\splunklib\client.py", line 2882, in create
    sid = _load_sid(response)
  File "..\splunklib\client.py", line 221, in _load_sid
    return _load_atom(response).response.sid
AttributeError: 'NoneType' object has no attribute 'response'
0 Karma

paramagurukarth
Builder

Please try the below

 import splunklib.client as client

    class RestController():
        HOST = "localhose"
        PORT = 8089
        USERNAME = "userName"
        PASSWORD = "password"

        currentUser =""


        def getService(self):        
            return client.connect(host=self.HOST,port=self.PORT,username=self.USERNAME,password=self.PASSWORD)


    mani = RestController()
    service = mani.getService()
    users = service.users
    for user in users:
        print user.name
0 Karma

paramagurukarth
Builder

To do other items .. have a look into you splunklib.Cline.py's Service class

0 Karma

reachvgupta
New Member

Its giving me same Error.... as Above 😞

0 Karma

reachvgupta
New Member

Traceback (most recent call last):
File "testlogin.py", line 15, in
for user in users:
File "C:\Python27\lib\site-packages\splunklib\client.py", line 1218, in iter
for item in self.iter(**kwargs):
File "C:\Python27\lib\site-packages\splunklib\client.py", line 1382, in iter
items = self._load_list(response)
File "C:\Python27\lib\site-packages\splunklib\client.py", line 1288, in _load_list
entries = _load_atom_entries(response)
File "C:\Python27\lib\site-packages\splunklib\client.py", line 202, in _load_atom_entries
if 'feed' in r:
TypeError: argument of type 'NoneType' is not iterable

0 Karma

reachvgupta
New Member

I am stuck , can someone please have a look

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...