I have a token instead of a username and password for connecting to Splunk. When connecting, I am able to authenticate just fine. However, when performing a query I get a 401 unauthorized. The token was set up for the HTTP Event Collector (HEC), so that may be why I can't perform the search directly on the instance.
loginArgs.setToken("xxx-xxx-xxx-xxx");
loginArgs.setHost("dev.splunk.domain.com");
loginArgs.setPort(443);
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_1);
Service service = Service.connect(loginArgs);
System.out.println(service);
String mySearch = "search index=app_name starttime=\"05/01/2019:15:58:00\" endtime=\"05/15/2019:15:59:50\" | head 5";
Job job = service.getJobs().create(mySearch);
Below is part of the stack trace.
com.splunk.HttpException: HTTP 401 -- Unauthorized
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)
at com.splunk.HttpService.post(HttpService.java:348)
at com.splunk.JobCollection.create(JobCollection.java:81)
at com.splunk.JobCollection.create(JobCollection.java:62)
at com.mastercard.salt.client.http.HECConnector.execute(HECConnector.java:73)
at com.mastercard.salt.client.http.SplunkHECTest.setup(SplunkHECTest.java:17)
Question: Is the same token used for HEC and typical Splunk authentication?