Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Getting 401 while connecting with token whereas able to connect with username and password

akshgpt25
Explorer
‎07-14-2020 04:51 AM

Hi,

 

When i am using Splunk admin username and password, am able to get the indexes via below code

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername("USER");
loginArgs.setPassword("PASS");
loginArgs.setHost("HOST");
loginArgs.setPort(8089);
loginArgs.setScheme("https");
Service service = Service.connect(loginArgs);
System.out.println("printing indexes" + service.getIndexes().values().toString());

But when I am trying to connect with the HEC token created via Splunk Web, I am getting 401 UnAuthorized exception

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
Service service = new Service("HOST", 8089);
service.setToken("xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
System.out.println("printing indexes" + service.getIndexes().values().toString());

Am getting below exception
Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Unauthorized
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)
at com.splunk.HttpService.get(HttpService.java:169)
at com.splunk.ResourceCollection.list(ResourceCollection.java:288)
at com.splunk.ResourceCollection.refresh(ResourceCollection.java:331)

should I use service.setToken("Basic" + "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"); or there should be other configuration required to use token?

Labels (2)
Labels
Tags (1)
0 Karma
Reply

klloden
Observer
‎10-29-2021 10:41 AM

Did you ever solve this problem. It looks like it is a very common problem which I have run into myself. None of the suggestions have worked for me.

My code:

com.splunk.HttpService.setSslSecurityProtocol(com.splunk.SSLSecurityProtocol.TLSv1_2);

ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setToken("Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx");
loginArgs.setHost("splunk-hec.mydomain.com");
loginArgs.setPort(8088);
loginArgs.setScheme("https");

Service splunkService = Service.connect(loginArgs);

System.out.println("printing indexes" + splunkService.getIndexes().values().toString());

Gives:
Exception in thread "main" com.splunk.HttpException: HTTP 404 -- {"text":"The requested URL was not found on this server.","code":404}

 

Note this works fine from cURL such as:

curl -H "Authorization: Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx" \
-H "X-Splunk-Request-Channel: bc805b0d-0151-4c6c-96dc-xxxxxxxxxxxx" \
https://splunk-hec.mydomain.com:8088/services/collector/event \
-d '{"sourcetype": "_json", "event": { "fieldA" : "valueA", "fieldB" : "valueB" } }'

One potential difference is the request channel which I have to include with cURL due to acknowledgement being turned on. I'm not sure how to provide that here but really would expect a different error if that was the problem.

Also my code works fine using username and password to as local Splunk instance I have.

0 Karma
Reply

chandika-cg
Engager
‎08-14-2021 09:31 AM

Found the solution

you have to put the token like this

service.setToken("Bearer xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
0 Karma
Reply

chandika-cg
Engager
‎08-14-2021 08:53 AM

Same happen to me as well, Can anyone help?

0 Karma
Reply

akshgpt25
Explorer
‎07-14-2020 09:56 AM

Can anyone please help me out here.

Reply

chandika-cg
Engager
‎08-14-2021 08:54 AM

happened to me as well,  did you find a solution?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...