Hi,
When i am using Splunk admin username and password, am able to get the indexes via below code
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername("USER");
loginArgs.setPassword("PASS");
loginArgs.setHost("HOST");
loginArgs.setPort(8089);
loginArgs.setScheme("https");
Service service = Service.connect(loginArgs);
System.out.println("printing indexes" + service.getIndexes().values().toString());
But when I am trying to connect with the HEC token created via Splunk Web, I am getting 401 UnAuthorized exception
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
Service service = new Service("HOST", 8089);
service.setToken("xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
System.out.println("printing indexes" + service.getIndexes().values().toString());
Am getting below exception
Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Unauthorized
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)
at com.splunk.HttpService.get(HttpService.java:169)
at com.splunk.ResourceCollection.list(ResourceCollection.java:288)
at com.splunk.ResourceCollection.refresh(ResourceCollection.java:331)
should I use service.setToken("Basic" + "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"); or there should be other configuration required to use token?
Did you ever solve this problem. It looks like it is a very common problem which I have run into myself. None of the suggestions have worked for me.
My code:
com.splunk.HttpService.setSslSecurityProtocol(com.splunk.SSLSecurityProtocol.TLSv1_2);
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setToken("Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx");
loginArgs.setHost("splunk-hec.mydomain.com");
loginArgs.setPort(8088);
loginArgs.setScheme("https");
Service splunkService = Service.connect(loginArgs);
System.out.println("printing indexes" + splunkService.getIndexes().values().toString());
Gives:
Exception in thread "main" com.splunk.HttpException: HTTP 404 -- {"text":"The requested URL was not found on this server.","code":404}
Note this works fine from cURL such as:
curl -H "Authorization: Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx" \
-H "X-Splunk-Request-Channel: bc805b0d-0151-4c6c-96dc-xxxxxxxxxxxx" \
https://splunk-hec.mydomain.com:8088/services/collector/event \
-d '{"sourcetype": "_json", "event": { "fieldA" : "valueA", "fieldB" : "valueB" } }'
One potential difference is the request channel which I have to include with cURL due to acknowledgement being turned on. I'm not sure how to provide that here but really would expect a different error if that was the problem.
Also my code works fine using username and password to as local Splunk instance I have.
Found the solution
you have to put the token like this
service.setToken("Bearer xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
Same happen to me as well, Can anyone help?
Can anyone please help me out here.
happened to me as well, did you find a solution?