Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How come our Splunk 6.5 REST API calls with curl command are not working?

mukesh2019
Explorer
‎12-19-2018 01:04 AM

Hi,

I have the following REST call on a new 6.5 environment, and it's coming back with error

curl -X POST -u user:pass -k http://host.domain.com:8000/en-US/splunkd/services/search/jobs -d search="search *"

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <!--
  This is a static HTML string template to render errors.  To edit this template, see appserver/mrsparkle/lib/error.py.
  -->
   <html xmlns="http://www.w3.org/1999/xhtml" xmlns:splunk="http://www.splunk.com/xhtml-extensions/1.0" xml:lang="en">
   <head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
  <link rel="shortcut icon" href="/en-
  US/static/@EA9E3236A0BA7C4B28247E726C3C7D69A561FB26DFC20737824C1922C733518A/img/favicon.ico" />
 <title>Splunk cannot authenticate the request. CSRF validation failed. - Splunk</title>
 <style>
     *       { margin: 0; padding: 0; }
    body    { font-family: helvetica, arial, sans-serif; color: #333; padding: 20px; }
    p,pre   { margin-bottom: 1em; font-size: .8em; }
    .status { font-size: .7em; color: #999; margin-bottom: 1em; }
    .msg    { margin-bottom: 1em; font-size: 1.4em;}
    pre     { font-family: Monaco,Courier Bold,Courier New,monospace; font-size: .7em;background-color: #eee;  padding: 5px;}
    #toggle { font-size: .8em; margin-bottom: 1em; }
    .byline { color: #555; }
    .byline span { font-weight: bold; line-height: 1.4em; }
    hr      { height: 1px; background-color: #ccc; border: 0; margin: 20px 0 10px; }
    h2      { font-size: 1em; margin-bottom: 1em; }
    table   { border-collapse: collapse; }
    td      { padding: 2px; }
    td.k    { font-family: helvetica, arial, sans-serif; font-weight: bold; }
    #debug  { display: none; }
    #crashes { margin: 20px 0; padding: 10px; border: 1px solid #800; }
    #crashes dt { font-size: 12px; margin-bottom: 5px; }
    #crashes dd { white-space: pre; background: #f2f2f2; padding: 10px; margin-left: 20px; display: none; font: 10px Monaco,Courier Bold,Courier New,monospace; }
</style>
<script>
    function toggle(what) {
        what = document.getElementById(what);
        if (what.style.display == 'block') {
            what.style.display = 'none';
        } else {
            what.style.display = 'block';
        }
    }
</script>
</head>
<body>
   <p class="status">401 Unauthorized</p>
   <p class="homelink"><a href="/">Return to Splunk home page</a></p>
    <h1 class="msg">Splunk cannot authenticate the request. CSRF validation failed.</h1>
      <a href="/en-US/app/search/search?q=index%3D_internal%20host%3D%22xxx%22%20source%3D%2Aweb_service.log%20log_level%3DERROR%20requestid%3D5c1a06af277fdd04614990" target="_blank">View more information about your request (request ID = 5c1a06af277fdd04614990) in 
   Search</a>
    &lt;br/&gt;
   &lt;br/&gt;
  &lt;br/&gt;
 <hr />
 <p class="byline">You are using <span>xxxx.xxxxx.com:8000</span>, which is connected to splunkd 
<span>@59c8927def0f</span> at <span>https://127.0.0.1:8089</span> on <span>Wed Dec 19 03:51:59 2018</span>.</p>
 </body>
</html>

I'm able to get the session key with same credentials :-

curl -k http://host.domain.com:8000/en-US/splunkd/services/auth/login --data-urlencode username=user--data-urlencode password=pass

<response>
 <sessionKey>yATMHjpws9MOIGi5Rg9QvsoRR4EMncSGxlerJ9W6B....</sessionKey>
</response>

Please suggest. Apologies for the editing, I'm new at this.

Thanks

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

whrg
Motivator
‎12-19-2018 04:33 AM

Hello @mukesh2019,

You are using the wrong port.

Splunk's management port is 8089. You also need to use https instead of http.

Also remove the language modifier. It should look like this:

https://host.domain.com:8089/services/search/jobs

Check out the REST API documentation.

View solution in original post

Reply
Solved! Jump to solution
Solution

whrg
Motivator
‎12-19-2018 04:33 AM

Hello @mukesh2019,

You are using the wrong port.

Splunk's management port is 8089. You also need to use https instead of http.

Also remove the language modifier. It should look like this:

https://host.domain.com:8089/services/search/jobs

Check out the REST API documentation.

Reply
Solved! Jump to solution

mukesh2019
Explorer
‎12-19-2018 07:12 AM

Thanks a lot 🙂

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...