Based on my research free license doesn't have authentication process. I want to get connected to Splunk through java SDK but I am getting the following error. And this is my code:
Note: I am running Splunk on a server not localhost.
public static void main(String[] args) {
// TODO Auto-generated method stub
Map
connectionArgs.put("host", "MY SERVER");
connectionArgs.put("username", "");
connectionArgs.put("password", "*");
connectionArgs.put("port", 8000);
connectionArgs.put("scheme", "https");
try
{
// will login and save the session key which gets put in the HTTP Authorization header
Service splunkService = Service.connect(connectionArgs);
}
This is the error:
[Fatal Error] :1:1: Content is not allowed in prolog.
com.splunk.HttpException: HTTP 400
at com.splunk.HttpException.create(HttpException.java:59)
at com.splunk.HttpService.send(HttpService.java:355)
at com.splunk.Service.send(Service.java:1211)
at com.splunk.HttpService.post(HttpService.java:212)
at com.splunk.Service.login(Service.java:1044)
at com.splunk.Service.login(Service.java:1024)
at com.splunk.Service.connect(Service.java:161)
at com.splunk.demo.SplunkSSH.main(SplunkSSH.java:26)
Also I added a setting to $SPLUNK_HOME/etc/system/local/server.conf and restarting; however, it didn't help!
[general]
allowRemoteLogin = always
Another option would be to request a developer license on the dev website:
sbrant_splunk thanks for your help, it is working now. I had an issue with iptable and port 8089 was closed.
I will check port 8089 on my host and will post the result here. Thanks for you help so far.
Sounds like you have a firewall blocking port 8089, either on the host or on your network, in front of the host.
the result of nestat -an
tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
But when I telnet to port 8089 from my machine it doesn't work
nimakaveh$ telnet MYSERVER 8089
Trying 172.23.4.205...
telnet: connect to address 172.23.4.205: Connection refused
telnet: Unable to connect to remote host
Have you confirmed that there is no firewall in place on the Splunk host? Check which interface is listening on port 8089 (run netstat -an on the Splunk host)? Is it 0.0.0.0:8089? You can also try to telnet to port 8089 from the host that you're trying to run your Java app from, to see if you can connect that way.
I tried both ports none of them worked!
Ayn is right. You should be connecting to port 8089, the default management port. 8000 is the web port that UI uses.
And you're sure you're really supposed to be using port 8000?
I checked and the license is correctly added. No I am not using default credentials, I am using my own username/pass which I use to login to Splunk.
This is my code:
public static void main(String[] args) {
// TODO Auto-generated method stub
Map<String, Object> connectionArgs = new HashMap<String, Object>();
connectionArgs.put("host", "MY SERVER");
connectionArgs.put("username", "****");
connectionArgs.put("password", "****");
connectionArgs.put("port", 8000);
connectionArgs.put("scheme", "https");
}
Any idea?
First - Confirm from Splunk UI that the license is correctly added.
Second - Are you logging in with default credentials - admin/changeme? By default, Splunk doesn't allow remote login with default password.
I got developer license as well but still I can't connect to Splunk server. The authentication fails!! I couldn't find anything on the web except connecting to "localhost" which is not my case in here.
Not that I've used the Java SDK, but if it's anything like the other SDK's I'm pretty sure you don't want to connect to port 8000, which is the port used for the Splunk web interfaces on instances that have it enabled. The SDK's generally communicate with Splunk instances using the REST API, which is available via HTTPS on port 8089.
Free license has Authentication process limited to first 60-days of its use. After that, the authentication process, background jobs, alerts, etc get disabled. However, your reports, dashboards and 500-MB limit continue to work.