Is it possible to use a token for python SDK?

I have an authentication token which I have found success using curls and the REST API with Splunk Cloud.
I'm trying to drop limited log events from a python application in AWS.
All of the documentation that I can find discusses using username and password with the python SDK client.
But I don't have that.
I could use the underlying requests python lib, but I'd rather leave as little room for me screwing up the JSON objects as I can.
Could you please provide an example of using the python SDK client with the kind of token that would be passed to the REST API in an Authorization header?
Thank you
Currently (March 2020), you can pass splunkToken with the value of a token instead of passing a username and password to Splunk connect.
service = client.connect(username='admin', password='changeme' [...])
becomes
service = client.connect(splunkToken='sllRek...', [...])
I have tested this while running searches via the Python SDK.
I originally found the correct argument to use by searching for bearer in the SDK and found the Context class in binding.py includes self.bearerToken = kwargs.get("splunkToken", "").
Using git blame, it appears the code was originally committed in October 2019, which would be after this question was asked and EricWehrly's answer, but since the situation has changed I felt an updated answer would be helpful.
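
Added example, not part of the original posts or the SDK's own code: the `splunkToken` login from the answer above, with the token read from the environment instead of being hardcoded in the script. The `SPLUNK_*` variable names, the `main` index and the `app:log` sourcetype are assumptions; `splunklib` is imported only when an event is actually sent.

```python
import os


def connect_kwargs(env=os.environ):
    """Build client.connect() arguments for token auth from the environment."""
    token = env.get("SPLUNK_TOKEN", "").strip()  # assumed variable name
    # The SDK adds the "Bearer" scheme itself, so drop it if the token
    # was copied together with the Authorization header prefix.
    if token.startswith("Bearer "):
        token = token[len("Bearer "):].strip()
    if not token:
        raise ValueError("SPLUNK_TOKEN is not set")
    return {
        "host": env.get("SPLUNK_HOST", "localhost"),   # assumed variable name
        "port": int(env.get("SPLUNK_PORT", "8089")),   # management port
        "splunkToken": token,
    }


def redact(kwargs):
    """Return a copy that is safe to log: the token is reduced to its length."""
    safe = dict(kwargs)
    safe["splunkToken"] = "<redacted, %d chars>" % len(kwargs["splunkToken"])
    return safe


def submit_event(event, index="main", sourcetype="app:log", env=os.environ):
    """Send one event through the SDK using token authentication."""
    import splunklib.client as client  # pip package: splunk-sdk

    service = client.connect(**connect_kwargs(env))
    service.indexes[index].submit(event, sourcetype=sourcetype)


if __name__ == "__main__":
    # Prints the connection settings without exposing the token.
    print(redact(connect_kwargs()))
```
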
Yes:
splunk = client.connect(host='localhost', port=8089, splunkToken='eyJraWQiOiJzc.....')

No.
Answer appears to be "no": if all your organization provides is a token, you need to finnick with the low-level request API. No SDK.

Hi,
Have a look at the script at https://answers.splunk.com/answers/688049/how-do-i-alter-propsconf-via-python-sdk.html. You need to supply a username and password when you invoke the script or initiate a connection to the Splunk management port. Once you authenticate successfully, you can use the sessionkey to fire multiple REST API calls in the same script.

Is there some reserved name to use with the username, like with GitHub access tokens? What I've tried so far hasn't worked.

IIRC Splunk allows token authentication since Splunk 7.3, but I didn't test this yet.
Have a look at https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/CreateAuthTokens to create a new token and https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/UseAuthTokens to use tokens in REST calls.
