Getting 401 while connecting with token whereas ab...

akshgpt25 · ‎07-14-2020

Hi,

When i am using Splunk admin username and password, am able to get the indexes via below code

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername("USER");
loginArgs.setPassword("PASS");
loginArgs.setHost("HOST");
loginArgs.setPort(8089);
loginArgs.setScheme("https");
Service service = Service.connect(loginArgs);
System.out.println("printing indexes" + service.getIndexes().values().toString());

But when I am trying to connect with the HEC token created via Splunk Web, I am getting 401 UnAuthorized exception

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
Service service = new Service("HOST", 8089);
service.setToken("xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
System.out.println("printing indexes" + service.getIndexes().values().toString());

Am getting below exception
Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Unauthorized
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)
at com.splunk.HttpService.get(HttpService.java:169)
at com.splunk.ResourceCollection.list(ResourceCollection.java:288)
at com.splunk.ResourceCollection.refresh(ResourceCollection.java:331)

should I use service.setToken("Basic" + "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"); or there should be other configuration required to use token?

klloden · ‎10-29-2021

Did you ever solve this problem. It looks like it is a very common problem which I have run into myself. None of the suggestions have worked for me.

My code:

com.splunk.HttpService.setSslSecurityProtocol(com.splunk.SSLSecurityProtocol.TLSv1_2);

ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setToken("Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx");
loginArgs.setHost("splunk-hec.mydomain.com");
loginArgs.setPort(8088);
loginArgs.setScheme("https");

Service splunkService = Service.connect(loginArgs);

System.out.println("printing indexes" + splunkService.getIndexes().values().toString());

Gives:
Exception in thread "main" com.splunk.HttpException: HTTP 404 -- {"text":"The requested URL was not found on this server.","code":404}

Note this works fine from cURL such as:

curl -H "Authorization: Splunk 2f8c48b2-aa3b-466f-9c08-xxxxxxxxxxxx" \
-H "X-Splunk-Request-Channel: bc805b0d-0151-4c6c-96dc-xxxxxxxxxxxx" \
https://splunk-hec.mydomain.com:8088/services/collector/event \
-d '{"sourcetype": "_json", "event": { "fieldA" : "valueA", "fieldB" : "valueB" } }'

One potential difference is the request channel which I have to include with cURL due to acknowledgement being turned on. I'm not sure how to provide that here but really would expect a different error if that was the problem.

Also my code works fine using username and password to as local Splunk instance I have.

chandika-cg · ‎08-14-2021

Found the solution

you have to put the token like this

service.setToken("Bearer xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");

chandika-cg · ‎08-14-2021

Same happen to me as well, Can anyone help?

akshgpt25 · ‎07-14-2020

Can anyone please help me out here.

chandika-cg · ‎08-14-2021

happened to me as well, did you find a solution?

Getting 401 while connecting with token whereas able to connect with username and password

index

indexer

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor