Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why is access to Splunk API via Python generating an "Unauthorized" error?

Robbie1194
Communicator
‎02-05-2018 05:40 AM

Using some of the python code provided by Splunk:

Step 3: Get the search status

httplib2.Http(disable_ssl_certificate_validation=True).add_credentials(username, password)
servicessearchstatusstr = '/services/search/jobs/%s/' % sid
isnotdone = True
while isnotdone:
    searchstatus = httplib2.Http(disable_ssl_certificate_validation=True).request(baseurl + servicessearchstatusstr, 'GET')[1]
    print searchstatus
    isdonestatus = re.compile('isDone">(0|1)')
    isdonestatus = isdonestatus.search(searchstatus).groups()[0]
    if (isdonestatus == '1'):
        isnotdone = False
print "====>search status:  %s  <====" % isdonestatus

Error message produced:

====>search result:  [{"messages":[{"type":"ERROR","text":"Unauthorized"}]}]  <====

I have read many questions about people having the same issue and have tried all of the solutions but the error still persists. I've tried changing the password to something that's only alphanumeric (no special characters) so nothing needs to be escaped. I've changed the password from default, I've made a new account with admin access for api calls and I've even tried printing out the password and username in the script at multiple points so that I can see that it doesn't change values etc.

Any POST requests I make (running the search for example) will work fine, it's as soon as it comes to retrieving the information (GET requests) that there is a problem! Can anyone please provide any additional solutions that may help with this issue?

0 Karma
Reply

micahkemp
Champion
‎02-05-2018 07:08 AM

On lines 32 and 41 you're issuing GET requests but did not include the authorization header like you did on line 23.

0 Karma
Reply

Robbie1194
Communicator
‎02-05-2018 07:24 AM

Yeah i see what you mean!

I'm new to Python so it might take me a while to work out how but I'll attempt to add the authorisation headers in the same way the POST commands did.

0 Karma
Reply

Robbie1194
Communicator
‎02-05-2018 07:25 AM

Although I did think the script looked okay at first because I was of the understanding that you don't typically use headers in get requests.

0 Karma
Reply

Robbie1194
Communicator
‎02-05-2018 07:08 AM 
    import urllib
    import httplib2
    import time
    import re
    from time import localtime,strftime
    from xml.dom import minidom
    import json

    baseurl = 'splunkserver:8089'
    username = 'user'
    password = 'password'

   # Step 1: Get a session key
    servercontent = httplib2.Http(disable_ssl_certificate_validation=True).request(baseurl + '/services/auth/login', 'POST',
    headers={}, body=urllib.urlencode({'username':username, 'password':password}))[1]
    sessionkey = minidom.parseString(servercontent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
    print "====>sessionkey:  %s  <====" % sessionkey

   # Step 2: Create a search job
    searchquery = 'search index=notable | top limit=5 _time unique_id'

    searchjob = httplib2.Http(disable_ssl_certificate_validation=True).request(baseurl + '/services/search/jobs','POST',
    headers={'Authorization': 'Splunk %s' % sessionkey},body=urllib.urlencode({'search': searchquery}))[1]
    sid = minidom.parseString(searchjob).getElementsByTagName('sid')[0].childNodes[0].nodeValue
    print "====>sid:  %s  <====" % sid

    #Step 3: Get the search status
    httplib2.Http(disable_ssl_certificate_validation=True).add_credentials(username, password)
    servicessearchstatusstr = '/services/search/jobs/%s/' % sid
    isnotdone = True
    while isnotdone:
        searchstatus = httplib2.Http(disable_ssl_certificate_validation=True).request(baseurl + servicessearchstatusstr, 'GET')[1]
        isdonestatus = re.compile('isDone">(0|1)')
        isdonestatus = isdonestatus.search(searchstatus).groups()[0]
        if (isdonestatus == '1'):
            isnotdone = False
    print "====>search status:  %s  <====" % isdonestatus

   # Step 4: Get the search results
    services_search_results_str = '/services/search/jobs/%s/results?output_mode=json&count=0' % sid
    searchresults = httplib2.Http(disable_ssl_certificate_validation=True).request(baseurl + services_search_results_str, 'GET')[1]
    print "====>search result:  [%s]  <====" % searchresults
0 Karma
Reply

micahkemp
Champion
‎02-05-2018 07:08 AM

Can you format the code using the code button (the 101010 icon) so that it's easier to read?

0 Karma
Reply

Robbie1194
Communicator
‎02-05-2018 07:08 AM

Okay, done 🙂

0 Karma
Reply

micahkemp
Champion
‎02-05-2018 05:57 AM

Can you paste your full script? It seems you didn't include the section that prints the search result.

I wonder if your call to get the search results is lacking the authentication component, either using the same httplib2 object that you added credentials to, or by passing the session ID from a previous request.

0 Karma
Reply

Robbie1194
Communicator
‎02-05-2018 06:02 AM

I've posted the full script in the answers.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...