Getting Data In

Getting 401 while connecting with token whereas able to connect with username and password

akshgpt25
Explorer

Hi,

 

When i am using Splunk admin username and password, am able to get the indexes via below code

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername("USER");
loginArgs.setPassword("PASS");
loginArgs.setHost("HOST");
loginArgs.setPort(8089);
loginArgs.setScheme("https");
Service service = Service.connect(loginArgs);
System.out.println("printing indexes" + service.getIndexes().values().toString());

But when I am trying to connect with the HEC token created via Splunk Web, I am getting 401 UnAuthorized exception

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
Service service = new Service("HOST", 8089);
service.setToken("xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
System.out.println("printing indexes" + service.getIndexes().values().toString());

Am getting below exception
Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Unauthorized
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)
at com.splunk.HttpService.get(HttpService.java:169)
at com.splunk.ResourceCollection.list(ResourceCollection.java:288)
at com.splunk.ResourceCollection.refresh(ResourceCollection.java:331)

should I use service.setToken("Basic" + "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"); or there should be other configuration required to use token?

Labels (2)
Tags (1)
0 Karma

klloden
Observer

Did you ever solve this problem. It looks like it is a very common problem which I have run into myself. None of the suggestions have worked for me.

My code:

com.splunk.HttpService.setSslSecurityProtocol(com.splunk.SSLSecurityProtocol.TLSv1_2);

ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setToken("Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx");
loginArgs.setHost("splunk-hec.mydomain.com");
loginArgs.setPort(8088);
loginArgs.setScheme("https");

Service splunkService = Service.connect(loginArgs);

System.out.println("printing indexes" + splunkService.getIndexes().values().toString());

Gives:
Exception in thread "main" com.splunk.HttpException: HTTP 404 -- {"text":"The requested URL was not found on this server.","code":404}

 

Note this works fine from cURL such as:

curl -H "Authorization: Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx" \
-H "X-Splunk-Request-Channel: bc805b0d-0151-4c6c-96dc-xxxxxxxxxxxx" \
https://splunk-hec.mydomain.com:8088/services/collector/event \
-d '{"sourcetype": "_json", "event": { "fieldA" : "valueA", "fieldB" : "valueB" } }'

One potential difference is the request channel which I have to include with cURL due to acknowledgement being turned on. I'm not sure how to provide that here but really would expect a different error if that was the problem.

Also my code works fine using username and password to as local Splunk instance I have.

0 Karma

chandika-cg
Engager

Found the solution

you have to put the token like this

service.setToken("Bearer xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
0 Karma

chandika-cg
Engager

Same happen to me as well, Can anyone help?

0 Karma

akshgpt25
Explorer

Can anyone please help me out here.

chandika-cg
Engager

happened to me as well,  did you find a solution?

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...