Developing for Splunk Enterprise

Is it possible to use TLS client certs to connect to Splunk REST API?

New Member

I need to use TLS client certs to connect to Splunk REST API.

It seems this is not possible out of the box with client.connet() as per the docs here: - there is no cert/key param.

Is it somehow possible to use TLS client certs with the Splunk Python SDK ?

Labels (3)
0 Karma



You can achieve this using splunklib.six module. Below is sample script which connects to splunk server and retrieve sessionKey and then you can use that session_key to do other work in same script.

import sys
import splunklib.six as six
import urllib
from xml.etree import ElementTree
import getpass

HOST = raw_input("Enter splunk server hostname/ip: ")
PORT = 8089

splunkUser = raw_input("Enter Splunk Username: ")
splunkPassword = getpass.getpass("Enter Password: ")

connection = six.moves.http_client.HTTPSConnection(HOST, PORT)
body = urllib.urlencode({'username': splunkUser, 'password': splunkPassword})
headers = {'Content-Type': "application/x-www-form-urlencoded",
           'Host': HOST

connection.request("POST", "/services/auth/login", body, headers)
response = connection.getresponse()
content =

session_key = ElementTree.XML(content).findtext("./sessionKey")

As per my knowledge (I am not at advanced level of python) in above script six.moves.http_client.HTTPSConnection is using httplib module which has key_file and cert_file parameter so you can use those parameter for TLS connections.

Help on class HTTPSConnection in splunklib.six.moves.http_client:

splunklib.six.moves.http_client.HTTPSConnection = class HTTPSConnection(HTTPConnection)
 |  This class allows communication via SSL.
 |  Methods defined here:
 |  __init__(self, host, port=None, key_file=None, cert_file=None, strict=None, timeout=<object object>, source_address=None, context=None, check_hostname=None)
 |  connect(self)
 |      Connect to a host on a given (SSL) port.
0 Karma