Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is it possible to use a token for Java SDK?

akshgpt25
Explorer
‎07-17-2020 04:53 AM

I have an authentication token which I have found success using curls and the REST API.

I'm trying to drop limited log events from a Java application in AWS.
All of the documentation that I can find discusses using username and password with the Java SDK client.
But I only have HEC token and endpoint.

It's working perfectly fine on my test Splunk.
 service = new Service("HOST",Port);
 String credentials = "Username:Password";
 String basicAuthHeader = Base64.encode(credentials.getBytes());
 service.setToken("Basic " + basicAuthHeader);

But i don't have username and password for production Splunk, have only HEC endpoint and token.
So when I am trying to do 

service = new Service("HOST",Port);
service.setToken("MY HEC TOKEN");

I am getting UnAuthorized Exception

 Is there any way to use Java SDK w/o username and password.

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-17-2020 05:49 AM

Set the Authentication header to "Splunk <token>".  You'll also need to make sure to use the HEC URI and port.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

akshgpt25
Explorer
‎07-19-2020 10:27 PM

Thanks @richgalloway 

When I am trying that below exception is coming

Exception in thread "main" com.splunk.HttpException: HTTP 404 -- {"text":"The requested URL was not found on this server.","code":404}
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)

My Code

service = new Service("XX.XX.XX.XX",8088);
service.setToken("Splunk #TOKEN");

Below Curl is working fine for me.

curl -k https://XX.XX.XX.XX:8088/services/collector -H "Authorization: Splunk #TOKEN" -d '{"event": "hello world"}'

 

Should I use XX.XX.XX.XX/services/collector as HEC URI. Can you also confirm whether I am using the right URI or not.

I am running Splunk Enterprise on ec2 with Public IP XX.XX.XX.XX:443. and I am using XX.XX.XX.XX:8088 as HEC URI and Port.

Can you please help with this as well.

Thanks Again.

 

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-20-2020 06:35 AM

I'm not sure what service your code uses, but this seems not right

service.setToken("Splunk #TOKEN");

The code should set an HTTP header called "Authentication" with the value "Splunk " followed by the HEC token.  It should be the Java equivalent to the curl option  -H "Authorization: Splunk #TOKEN"

If the URL works for curl then it should work for Java as well.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...