How come our Splunk 6.5 REST API calls with curl command are not working?

mukesh2019
Explorer

Hi,

I have the following REST call on a new 6.5 environment, and it's coming back with an error:

curl -X POST -u user:pass -k http://host.domain.com:8000/en-US/splunkd/services/search/jobs -d search="search *"

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <!--
  This is a static HTML string template to render errors.  To edit this template, see appserver/mrsparkle/lib/error.py.
  -->
   <html xmlns="http://www.w3.org/1999/xhtml" xmlns:splunk="http://www.splunk.com/xhtml-extensions/1.0" xml:lang="en">
   <head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
  <link rel="shortcut icon" href="/en-US/static/@EA9E3236A0BA7C4B28247E726C3C7D69A561FB26DFC20737824C1922C733518A/img/favicon.ico" />
 <title>Splunk cannot authenticate the request. CSRF validation failed. - Splunk</title>
 <style>
     *       { margin: 0; padding: 0; }
    body    { font-family: helvetica, arial, sans-serif; color: #333; padding: 20px; }
    p,pre   { margin-bottom: 1em; font-size: .8em; }
    .status { font-size: .7em; color: #999; margin-bottom: 1em; }
    .msg    { margin-bottom: 1em; font-size: 1.4em;}
    pre     { font-family: Monaco,Courier Bold,Courier New,monospace; font-size: .7em;background-color: #eee;  padding: 5px;}
    #toggle { font-size: .8em; margin-bottom: 1em; }
    .byline { color: #555; }
    .byline span { font-weight: bold; line-height: 1.4em; }
    hr      { height: 1px; background-color: #ccc; border: 0; margin: 20px 0 10px; }
    h2      { font-size: 1em; margin-bottom: 1em; }
    table   { border-collapse: collapse; }
    td      { padding: 2px; }
    td.k    { font-family: helvetica, arial, sans-serif; font-weight: bold; }
    #debug  { display: none; }
    #crashes { margin: 20px 0; padding: 10px; border: 1px solid #800; }
    #crashes dt { font-size: 12px; margin-bottom: 5px; }
    #crashes dd { white-space: pre; background: #f2f2f2; padding: 10px; margin-left: 20px; display: none; font: 10px Monaco,Courier Bold,Courier New,monospace; }
</style>
<script>
    function toggle(what) {
        what = document.getElementById(what);
        if (what.style.display == 'block') {
            what.style.display = 'none';
        } else {
            what.style.display = 'block';
        }
    }
</script>
</head>
<body>
   <p class="status">401 Unauthorized</p>
   <p class="homelink"><a href="/">Return to Splunk home page</a></p>
    <h1 class="msg">Splunk cannot authenticate the request. CSRF validation failed.</h1>
      <a href="/en-US/app/search/search?q=index%3D_internal%20host%3D%22xxx%22%20source%3D%2Aweb_service.log%20log_level%3DERROR%20requestid%3D5c1a06af277fdd04614990" target="_blank">View more information about your request (request ID = 5c1a06af277fdd04614990) in 
   Search</a>
    &lt;br/&gt;
   &lt;br/&gt;
  &lt;br/&gt;
 <hr />
 <p class="byline">You are using <span>xxxx.xxxxx.com:8000</span>, which is connected to splunkd 
<span>@59c8927def0f</span> at <span>https://127.0.0.1:8089</span> on <span>Wed Dec 19 03:51:59 2018</span>.</p>
 </body>
</html>

I'm able to get the session key with the same credentials:

curl -k http://host.domain.com:8000/en-US/splunkd/services/auth/login --data-urlencode username=user --data-urlencode password=pass

<response>
 <sessionKey>yATMHjpws9MOIGi5Rg9QvsoRR4EMncSGxlerJ9W6B....</sessionKey>
</response>

Please suggest. Apologies for the editing, I'm new at this.

Thanks

0 Karma
1 Solution

whrg
Motivator

Hello @mukesh2019,

You are using the wrong port.

Splunk's management port is 8089. You also need to use https instead of http.

Also remove the language modifier. It should look like this:

https://host.domain.com:8089/services/search/jobs

Check out the REST API documentation.
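
The fix described in the answer above, as an added example that is not part of the original post: it rewrites a Splunk Web URL to the splunkd management endpoint, recognises the CSRF error page as a sign the request reached Splunk Web instead of splunkd, and reuses the session key from auth/login. The function names and the SPLUNK_HOST, SPLUNK_USER, SPLUNK_PASS_FILE and SPLUNK_CA variables are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names and SPLUNK_* variables are hypothetical.

# to_mgmt_url URL [MGMT_PORT]
#   Splunk Web form: http://host:8000/en-US/splunkd/services/...
#   splunkd form:    https://host:8089/services/...
to_mgmt_url() {
    url=$1 port=${2:-8089}
    rest=${url#*://}                        # drop the scheme
    hostport=${rest%%/*}                    # host[:port]
    case $rest in
        */*) path=/${rest#*/} ;;
        *)   path=/ ;;
    esac
    host=${hostport%%:*}                    # drop the Splunk Web port
    # Strip the locale prefix and the /splunkd proxy segment used by Splunk Web.
    path=$(printf '%s\n' "$path" | sed -E 's#^/[a-z]{2}-[A-Z]{2}/splunkd/#/#')
    printf 'https://%s:%s%s\n' "$host" "$port" "$path"
}

# Reads a response body on stdin; succeeds if it is the Splunk Web CSRF error
# page, meaning the request went to the web port and not to splunkd.
hit_splunkweb() { grep -q 'CSRF validation failed'; }

# Reads the auth/login XML on stdin and prints the session key.
session_key() { sed -n 's#.*<sessionKey>\(.*\)</sessionKey>.*#\1#p'; }

# Live calls run only when SPLUNK_HOST is set, so the file can be sourced offline.
if [ -n "${SPLUNK_HOST:-}" ]; then
    base="https://$SPLUNK_HOST:8089/services"
    # --cacert verifies splunkd's certificate instead of disabling checks with -k.
    # name@file makes curl read the password from a file (no trailing newline),
    # which keeps it out of the process list.
    key=$(curl -sS --cacert "$SPLUNK_CA" "$base/auth/login" \
            --data-urlencode "username=$SPLUNK_USER" \
            --data-urlencode "password@$SPLUNK_PASS_FILE" | session_key)
    body=$(curl -sS --cacert "$SPLUNK_CA" -H "Authorization: Splunk $key" \
            "$base/search/jobs" --data-urlencode 'search=search *')
    if printf '%s\n' "$body" | hit_splunkweb; then
        echo "request reached Splunk Web, not splunkd: check port and path" >&2
    else
        printf '%s\n' "$body"
    fi
fi
```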

mukesh2019
Explorer

Thanks a lot 🙂

0 Karma