Splunk Dev

Does Splunk free license allow usage Splunk java SDK?

nimakaveh
Explorer

Based on my research free license doesn't have authentication process. I want to get connected to Splunk through java SDK but I am getting the following error. And this is my code:

Note: I am running Splunk on a server not localhost.

public static void main(String[] args) {
// TODO Auto-generated method stub
Map connectionArgs = new HashMap();
connectionArgs.put("host", "MY SERVER");
connectionArgs.put("username", "");
connectionArgs.put("password", "
*");
connectionArgs.put("port", 8000);
connectionArgs.put("scheme", "https");
try
{
// will login and save the session key which gets put in the HTTP Authorization header
Service splunkService = Service.connect(connectionArgs);
}

This is the error:
[Fatal Error] :1:1: Content is not allowed in prolog.
com.splunk.HttpException: HTTP 400
at com.splunk.HttpException.create(HttpException.java:59)
at com.splunk.HttpService.send(HttpService.java:355)
at com.splunk.Service.send(Service.java:1211)
at com.splunk.HttpService.post(HttpService.java:212)
at com.splunk.Service.login(Service.java:1044)
at com.splunk.Service.login(Service.java:1024)
at com.splunk.Service.connect(Service.java:161)
at com.splunk.demo.SplunkSSH.main(SplunkSSH.java:26)

Also I added a setting to $SPLUNK_HOME/etc/system/local/server.conf and restarting; however, it didn't help!

[general]
allowRemoteLogin = always

Tags (1)
0 Karma

sbrant_splunk
Splunk Employee
Splunk Employee

Another option would be to request a developer license on the dev website:

http://dev.splunk.com/

nimakaveh
Explorer

sbrant_splunk thanks for your help, it is working now. I had an issue with iptable and port 8089 was closed.

0 Karma

nimakaveh
Explorer

I will check port 8089 on my host and will post the result here. Thanks for you help so far.

0 Karma

sbrant_splunk
Splunk Employee
Splunk Employee

Sounds like you have a firewall blocking port 8089, either on the host or on your network, in front of the host.

0 Karma

nimakaveh
Explorer

the result of nestat -an

tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN

But when I telnet to port 8089 from my machine it doesn't work
nimakaveh$ telnet MYSERVER 8089
Trying 172.23.4.205...
telnet: connect to address 172.23.4.205: Connection refused
telnet: Unable to connect to remote host

0 Karma

sbrant_splunk
Splunk Employee
Splunk Employee

Have you confirmed that there is no firewall in place on the Splunk host? Check which interface is listening on port 8089 (run netstat -an on the Splunk host)? Is it 0.0.0.0:8089? You can also try to telnet to port 8089 from the host that you're trying to run your Java app from, to see if you can connect that way.

nimakaveh
Explorer

I tried both ports none of them worked!

0 Karma

Neeraj_Luthra
Splunk Employee
Splunk Employee

Ayn is right. You should be connecting to port 8089, the default management port. 8000 is the web port that UI uses.

0 Karma

Ayn
Legend

And you're sure you're really supposed to be using port 8000?

0 Karma

nimakaveh
Explorer

I checked and the license is correctly added. No I am not using default credentials, I am using my own username/pass which I use to login to Splunk.
This is my code:

public static void main(String[] args) {
    // TODO Auto-generated method stub
    Map<String, Object> connectionArgs = new HashMap<String, Object>();
    connectionArgs.put("host", "MY SERVER");
    connectionArgs.put("username", "****");
    connectionArgs.put("password", "****");
    connectionArgs.put("port", 8000);
    connectionArgs.put("scheme", "https");
}

Any idea?

0 Karma

Neeraj_Luthra
Splunk Employee
Splunk Employee

First - Confirm from Splunk UI that the license is correctly added.
Second - Are you logging in with default credentials - admin/changeme? By default, Splunk doesn't allow remote login with default password.

0 Karma

nimakaveh
Explorer

I got developer license as well but still I can't connect to Splunk server. The authentication fails!! I couldn't find anything on the web except connecting to "localhost" which is not my case in here.

0 Karma

Ayn
Legend

Not that I've used the Java SDK, but if it's anything like the other SDK's I'm pretty sure you don't want to connect to port 8000, which is the port used for the Splunk web interfaces on instances that have it enabled. The SDK's generally communicate with Splunk instances using the REST API, which is available via HTTPS on port 8089.

miteshvohra
Contributor

Free license has Authentication process limited to first 60-days of its use. After that, the authentication process, background jobs, alerts, etc get disabled. However, your reports, dashboards and 500-MB limit continue to work.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...