- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Is it possible to use a token for python SDK?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to use a token for python SDK?
I have an authentication token which I have found success using curls and the REST API with Splunk Cloud.
I'm trying to drop limited log events from a python application in AWS.
All of the documentation that I can find discusses using username and password with the python SDK client.
But I don't have that.
I could use the underlying requests python lib, but I'd rather leave as little room for me screwing up the JSON objects as I can.
Could you please provide an example of using the python SDK client with the kind of token that would be passed to the REST API in an Authorization header?
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Currently (March 2020), you can pass splunkToken with the value of a token instead of passing a username and password to Splunk connect.
service = client.connect(user='admin', password='changeme' [...])
becomes
service = client.connect(splunkToken='sllRek...', [...])
I have tested this while running searches via the Python SDK.
I originally found the correct argument to use by searching for bearer in the sdk and found the Context class in binding.py includes self.bearerToken = kwargs.get("splunkToken", "").
Using git blame, it appears the code was originally comitted in October 2019 which would be after this question was asked and EricWehrly's answer, but since the situation has changed I felt an updated answer would be helpful.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No.
Answer appears to be "no", if all your organization provides is a token, you need to finnick with low-level request api. No SDK.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Have a look at script on https://answers.splunk.com/answers/688049/how-do-i-alter-propsconf-via-python-sdk.html , you need to supply username and password when you invoke script or initiate connection to Splunk management port. Once you authenticate successfully then you can use sessionkey to fire multiple REST API in same script.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there some reserve name to use with the username like with GitHub access Tokens? What I've tried so far hasn't worked.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IIRC Splunk allows token authentication since Splunk 7.3 but I didn't test this yet.
Have a look at https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/CreateAuthTokens to create new token and https://docs.splunk.com/Documentation/Splunk/7.3.0/Security/UseAuthTokens to use tockens in REST calls.
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
