Building for the Splunk Platform

How to log in to Splunk using the Splunk Python SDK?

reachvgupta
New Member

I am trying to log in and search users from a windows machine on Splunk server using Splunk python SDK over HTTP, but getting some errors. Please find Logs below ( HTTP Request / Response ) .

c:\Users\vgupta13\Downloads\splunk-sdk-python-master\examples>C:\Python27\python.exe search.py "search vgupta13 " --output_mode=csv --verbose=verbose
{'body': 'username=vgupta13&password=*******', 'headers': [('Content-Type', 'application/x-www-form-urlencoded')], 'method': 'POST'}

send: 'POST /services/auth/login HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 35\r\nContent-Type: application/x-www-form-urlencoded\r\nHost: ficcspl
unk\r\nAccept: */*\r\nUser-Agent: splunk-sdk-python/0.1\r\n\r\nusername=vgupta13&password=*******'
Get the response from the server.
HTTPResponse init
------------------begin
reply: 'HTTP/1.1 303 See Other\r\n'
header: Server: CherryPy/3.1.2
header: Location: http://splunkserver/en-US/services/auth/login
header: Content-Type: text/html;charset=utf-8
header: Content-Length: 132
header: Date: Mon, 13 Apr 2015 12:02:52 GMT
header: Set-Cookie: session_id_8000=4f0020a7bf9fe5c60abcddbdf6a6e037a4a3d35a; expires=Tue, 21 Apr 2015 12:02:52 GMT; httponly; Path=/




send: 'GET /servicesNS/nobody/alert/search/parser?q=search+vgupta13+&parse_only=True HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 0\r\nHost: ficcspl
unk\r\nAccept: */*\r\nUser-Agent: splunk-sdk-python/0.1\r\n\r\n'
***Get the response from the server.***
HTTPResponse init
------------------begin
reply: 'HTTP/1.1 303 See Other\r\n'
header: Server: CherryPy/3.1.2
header: Location: http://splunkserver/en-US/servicesNS/nobody/alert/search/parser?q=search+vgupta13+&parse_only=True
header: Content-Type: text/html;charset=utf-8
header: Content-Length: 246
header: Date: Mon, 13 Apr 2015 12:02:52 GMT
header: Set-Cookie: session_id_8000=79ff553379c53a3dac1846f27c065d3561cd3f3c; expires=Tue, 21 Apr 2015 12:02:52 GMT; httponly; Path=/


{'body': 'search=search+vgupta13+', 'headers': [('Content-Type', 'application/x-www-form-urlencoded')], 'method': 'POST'}

send: 'POST /servicesNS/nobody/alert/search/jobs/ HTTP/1.1\r\nAccept-Encoding: identity\r\nContent-Length: 23\r\nContent-Type: application/x-www-form-urlencoded
\r\nHost: splunkserver\r\nAccept: */*\r\nUser-Agent: splunk-sdk-python/0.1\r\n\r\nsearch=search+vgupta13+'
Get the response from the server.
HTTPResponse init
------------------begin
reply: 'HTTP/1.1 303 See Other\r\n'
header: Server: CherryPy/3.1.2
header: Location: http://splunkserver/en-US/servicesNS/nobody/alert/search/jobs
header: Content-Type: text/html;charset=utf-8
header: Content-Length: 164
header: Date: Mon, 13 Apr 2015 12:02:53 GMT
header: Set-Cookie: session_id_8000=d67ebfa9d64e26c2be64a6943b6d93abc5839d5e; expires=Tue, 21 Apr 2015 12:02:53 GMT; httponly; Path=/


self.fp
Traceback (most recent call last):
  File "search.py", line 115, in 
    main(sys.argv[1:])
  File "search.py", line 80, in main
    job = service.jobs.create(search, **kwargs_create)
  File "..\splunklib\client.py", line 2882, in create
    sid = _load_sid(response)
  File "..\splunklib\client.py", line 221, in _load_sid
    return _load_atom(response).response.sid
AttributeError: 'NoneType' object has no attribute 'response'
0 Karma

paramagurukarth
Builder

Please try the below

 import splunklib.client as client

    class RestController():
        HOST = "localhose"
        PORT = 8089
        USERNAME = "userName"
        PASSWORD = "password"

        currentUser =""


        def getService(self):        
            return client.connect(host=self.HOST,port=self.PORT,username=self.USERNAME,password=self.PASSWORD)


    mani = RestController()
    service = mani.getService()
    users = service.users
    for user in users:
        print user.name
0 Karma

paramagurukarth
Builder

To do other items .. have a look into you splunklib.Cline.py's Service class

0 Karma

reachvgupta
New Member

Its giving me same Error.... as Above 😞

0 Karma

reachvgupta
New Member

Traceback (most recent call last):
File "testlogin.py", line 15, in
for user in users:
File "C:\Python27\lib\site-packages\splunklib\client.py", line 1218, in iter
for item in self.iter(**kwargs):
File "C:\Python27\lib\site-packages\splunklib\client.py", line 1382, in iter
items = self._load_list(response)
File "C:\Python27\lib\site-packages\splunklib\client.py", line 1288, in _load_list
entries = _load_atom_entries(response)
File "C:\Python27\lib\site-packages\splunklib\client.py", line 202, in _load_atom_entries
if 'feed' in r:
TypeError: argument of type 'NoneType' is not iterable

0 Karma

reachvgupta
New Member

I am stuck , can someone please have a look

0 Karma
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...