Dashboards & Visualizations

Is it possible to use a token for python SDK?

EricWehrly
Engager

I have an authentication token which I have found success using curls and the REST API with Splunk Cloud.

I'm trying to drop limited log events from a python application in AWS.
All of the documentation that I can find discusses using username and password with the python SDK client.
But I don't have that.

I could use the underlying requests python lib, but I'd rather leave as little room for me screwing up the JSON objects as I can.

Could you please provide an example of using the python SDK client with the kind of token that would be passed to the REST API in an Authorization header?

Thank you

0 Karma

triest
Communicator

Currently (March 2020), you can pass splunkToken with the value of a token instead of passing a username and password to Splunk connect.

service = client.connect(user='admin', password='changeme' [...])

becomes

service = client.connect(splunkToken='sllRek...', [...])

I have tested this while running searches via the Python SDK.

I originally found the correct argument to use by searching for bearer in the sdk and found the Context class in binding.py includes self.bearerToken = kwargs.get("splunkToken", "").

Using git blame, it appears the code was originally comitted in October 2019 which would be after this question was asked and EricWehrly's answer, but since the situation has changed I felt an updated answer would be helpful.

EricWehrly
Engager

No.
Answer appears to be "no", if all your organization provides is a token, you need to finnick with low-level request api. No SDK.

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Have a look at script on https://answers.splunk.com/answers/688049/how-do-i-alter-propsconf-via-python-sdk.html , you need to supply username and password when you invoke script or initiate connection to Splunk management port. Once you authenticate successfully then you can use sessionkey to fire multiple REST API in same script.

0 Karma

EricWehrly
Engager

Is there some reserve name to use with the username like with GitHub access Tokens? What I've tried so far hasn't worked.

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

IIRC Splunk allows token authentication since Splunk 7.3 but I didn't test this yet.

Have a look at https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/CreateAuthTokens to create new token and https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/UseAuthTokens to use tockens in REST calls.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...