Re: Connection Reset - while connecting with token

akshgpt25 · ‎07-14-2020

Hi,

When i am using Splunk admin username and password, am able to get the indexes via below code

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername("USER");
loginArgs.setPassword("PASS");
loginArgs.setHost("HOST");
loginArgs.setPort(8089);
loginArgs.setScheme("https");
Service service = Service.connect(loginArgs);
System.out.println("printing indexes" + service.getIndexes().values().toString());

But when I am trying to connect with the HEC token created via Splunk Web, I am getting 401 UnAuthorized exception

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
Service service = new Service("HOST", 8089);
service.setToken("xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
System.out.println("printing indexes" + service.getIndexes().values().toString());

Am getting below exception
Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Unauthorized
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)
at com.splunk.HttpService.get(HttpService.java:169)
at com.splunk.ResourceCollection.list(ResourceCollection.java:288)
at com.splunk.ResourceCollection.refresh(ResourceCollection.java:331)

should I use service.setToken("Basic" + "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"); or there should be other configuration required to use token?

klloden · ‎10-29-2021

Did you ever solve this problem. It looks like it is a very common problem which I have run into myself. None of the suggestions have worked for me.

My code:

com.splunk.HttpService.setSslSecurityProtocol(com.splunk.SSLSecurityProtocol.TLSv1_2);

ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setToken("Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx");
loginArgs.setHost("splunk-hec.mydomain.com");
loginArgs.setPort(8088);
loginArgs.setScheme("https");

Service splunkService = Service.connect(loginArgs);

System.out.println("printing indexes" + splunkService.getIndexes().values().toString());

Gives:
Exception in thread "main" com.splunk.HttpException: HTTP 404 -- {"text":"The requested URL was not found on this server.","code":404}

Note this works fine from cURL such as:

curl -H "Authorization: Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx" \
-H "X-Splunk-Request-Channel: bc805b0d-0151-4c6c-96dc-xxxxxxxxxxxx" \
https://splunk-hec.mydomain.com:8088/services/collector/event \
-d '{"sourcetype": "_json", "event": { "fieldA" : "valueA", "fieldB" : "valueB" } }'

One potential difference is the request channel which I have to include with cURL due to acknowledgement being turned on. I'm not sure how to provide that here but really would expect a different error if that was the problem.

Also my code works fine using username and password to as local Splunk instance I have.

chandika-cg · ‎08-14-2021

Found the solution

you have to put the token like this

service.setToken("Bearer xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");

chandika-cg · ‎08-14-2021

Same happen to me as well, Can anyone help?

akshgpt25 · ‎07-14-2020

Can anyone please help me out here.

chandika-cg · ‎08-14-2021

happened to me as well, did you find a solution?

Getting 401 while connecting with token whereas able to connect with username and password

index

indexer

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation