Java SDK Service.getJobs.create with token throws ...

angrydead · ‎05-16-2019

I have a token instead of a username and password for connecting to Splunk. When connecting, I am able to authenticate just fine. However, when performing a query I get a 401 unauthorized. The token was set up for the HTTP Event Collector (HEC), so that may be why I can't perform the search directly on the instance.

loginArgs.setToken("xxx-xxx-xxx-xxx");
loginArgs.setHost("dev.splunk.domain.com");
loginArgs.setPort(443);
 HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_1);
 Service service = Service.connect(loginArgs);
 System.out.println(service);

 String mySearch = "search index=app_name starttime=\"05/01/2019:15:58:00\" endtime=\"05/15/2019:15:59:50\" | head 5";
 Job job = service.getJobs().create(mySearch);

Below is part of the stack trace.

com.splunk.HttpException: HTTP 401 -- Unauthorized
  at com.splunk.HttpException.create(HttpException.java:84)
  at com.splunk.HttpService.send(HttpService.java:500)
  at com.splunk.Service.send(Service.java:1295)
  at com.splunk.HttpService.post(HttpService.java:348)
  at com.splunk.JobCollection.create(JobCollection.java:81)
  at com.splunk.JobCollection.create(JobCollection.java:62)
  at com.mastercard.salt.client.http.HECConnector.execute(HECConnector.java:73)
  at com.mastercard.salt.client.http.SplunkHECTest.setup(SplunkHECTest.java:17)

Question: Is the same token used for HEC and typical Splunk authentication?

Java SDK Service.getJobs.create with token throws 401 Unauthorized error

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector