Why am I getting Splunk CLI Error "Client is not authenticated" running a Linux bash script on the deployment server to pull deployment clients?

dsbruce
Explorer

I am trying to run a Linux bash script on the deployment server to pull down the deployment clients.
I have the splunk command correct, but get an authentication error when this is run under cron or even from the command line.
There are multiple postings on this command, but none of them talk about requiring authentication.

How do we work around the account:password issue?
Splunk 6.2.2

command: splunk list deploy-clients -count -1 | grep hostname

I tried the -auth parameter that is shown on other command options, but this one does not seem to like this option.

command: splunk list deploy-clients -count -1 -auth admin:changeme
results: An authentication error occurred: Client is not authenticated

Any guidance would be appreciated.

0 Karma

alacercogitatus
SplunkTrust

You will want to login first. You might be able to do it all in one command:

splunk login -auth admin:changeme && splunk list deploy-clients  -count -1

This should store the authorization and then use it for the list command.

dsbruce
Explorer

From a functional standpoint, this does work.
But we are trying to run this from crontab, and putting the admin password in the clear in a script is not allowed.

So I am still looking for a method for the application owner account to run this command without being prompted to login so we can "automate" this for the reports.

0 Karma
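
One way to keep the password out of the cron script while still using the `splunk login -auth ... && splunk list deploy-clients -count -1` sequence from the answer above. This is an added example, not code from any poster in this thread. The install path, the credentials file location and its one-line `user:password` format, the variable and function names, and the `--run` switch are all assumptions.

```bash
#!/usr/bin/env bash
# Added example: cron wrapper that keeps the Splunk password out of the script.
# Assumed (not from the thread): install path, credentials file path and its
# one-line "user:password" format, and the SPLUNK_BIN / SPLUNK_CRED_FILE names.

SPLUNK_BIN="${SPLUNK_BIN:-/opt/splunk/bin/splunk}"
SPLUNK_CRED_FILE="${SPLUNK_CRED_FILE:-$HOME/.splunk_cli_cred}"

# Succeeds only if the file is a regular, non-symlink file owned by the
# current user with no group/other permission bits set (mode 600 or 400).
cred_file_ok() {
    local f="$1" mode
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    mode="$(stat -c '%a' "$f")" || return 1      # GNU stat (Linux)
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Log in with the stored credentials, then list every deployment client.
list_deploy_clients() {
    local cred
    cred_file_ok "$SPLUNK_CRED_FILE" || {
        echo "refusing $SPLUNK_CRED_FILE: need owner $(id -un), mode 600" >&2
        return 2
    }
    # Read the first line; tolerate a missing trailing newline.
    IFS= read -r cred < "$SPLUNK_CRED_FILE" || [ -n "$cred" ] || return 3
    # Caveat: -auth puts the password on the splunk command line, so it is
    # visible in the process list for as long as the login command runs.
    "$SPLUNK_BIN" login -auth "$cred" >/dev/null || return 4
    "$SPLUNK_BIN" list deploy-clients -count -1
}

# Run only when asked, e.g. from crontab: /path/to/this_script --run
if [ "${1:-}" = "--run" ]; then
    list_deploy_clients
fi
```

The wrapper refuses to call `splunk` at all when the credentials file is readable by group or others, is a symlink, or is owned by a different account.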

Sarmbrister
Path Finder

Are you being prompted to log in after trying to run the command?
I just had this same issue in the admin training course, but I am not sure if the same fix would work here. But if you want to try it:
1. Stop Splunk on the deployment server.
2. Back up the passwd file in etc to passwd.save.
3. Start Splunk.
4. cd to etc and check that a new passwd file has been created (this has reset the admin password back to changeme).
5. Stop Splunk again.
6. vi passwd.save and copy everything but the admin line (top line in my instance).
7. vi passwd and paste the data underneath the top line.
8. Start Splunk.

NOTE: DO NOT DELETE THE PASSWD.SAVE FILE UNLESS THIS CORRECTS THE ISSUE AND ALL USERS ARE ABLE TO LOG IN WITH NO ISSUES.

I had to change my admin password in the Splunk web ui after this.

If this does not work, remove the newly created passwd file and change passwd.save back to just passwd, and the system will be back to normal.

Good luck, I hope this helps. Like I said, I had this in my admin training course, so I don't know if this will apply to you.

0 Karma

dsbruce
Explorer

Thank you, but this did not resolve my issue. It still prompts for the Splunk username when running the splunk command. I am logged in as the splunk application service account that owns and is running the splunkd process.

$ splunk list deploy-clients -count -1
Your session is invalid. Please login.
Splunk username:

0 Karma