Dashboards & Visualizations

Is it possible to use a token for Java SDK?

akshgpt25
Explorer

I have an authentication token which I have found success using curls and the REST API.

I'm trying to drop limited log events from a Java application in AWS.
All of the documentation that I can find discusses using username and password with the Java SDK client.
But I only have HEC token and endpoint.

It's working perfectly fine on my test Splunk.
service = new Service("HOST",Port);
String credentials = "Username:Password";
String basicAuthHeader = Base64.encode(credentials.getBytes());
service.setToken("Basic " + basicAuthHeader);

But i don't have username and password for production Splunk, have only HEC endpoint and token.
So when I am trying to do

service = new Service("HOST",Port);
service.setToken("MY HEC TOKEN");

I am getting UnAuthorized Exception

 Is there any way to use Java SDK w/o username and password.

Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Set the Authentication header to "Splunk <token>".  You'll also need to make sure to use the HEC URI and port.

---
If this reply helps you, Karma would be appreciated.
0 Karma

akshgpt25
Explorer

Thanks @richgalloway 

When I am trying that below exception is coming

Exception in thread "main" com.splunk.HttpException: HTTP 404 -- {"text":"The requested URL was not found on this server.","code":404}
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)

My Code

service = new Service("XX.XX.XX.XX",8088);
service.setToken("Splunk #TOKEN");

Below Curl is working fine for me.

curl -k https://XX.XX.XX.XX:8088/services/collector -H "Authorization: Splunk #TOKEN" -d '{"event": "hello world"}'

 

Should I use XX.XX.XX.XX/services/collector as HEC URI. Can you also confirm whether I am using the right URI or not.

I am running Splunk Enterprise on ec2 with Public IP XX.XX.XX.XX:443. and I am using XX.XX.XX.XX:8088 as HEC URI and Port.

Can you please help with this as well.

Thanks Again.

 

 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I'm not sure what service your code uses, but this seems not right

service.setToken("Splunk #TOKEN");

The code should set an HTTP header called "Authentication" with the value "Splunk " followed by the HEC token.  It should be the Java equivalent to the curl option  -H "Authorization: Splunk #TOKEN"

If the URL works for curl then it should work for Java as well.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...