Getting Data In

Not able to authenticate Splunk REST API with Postman

spammenot66
Contributor

I'm able to confirm this works for me curl command is working for me. It returns a session ID.
curl -k https://splunkdomain.local:8089/services/auth/login --data-urlencode username={username} --data-urlencode password={password}

Using the same end point in Postman, it complains "Login failed". Can someone please assist? alt text

1 Solution

Chepech
Engager

So this is what I did to solve it... I noticed that the cURL generated by postman was not working and getting the exact same error you are seeing on the UI, this cURL command looks something like:

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{password}}'

So What I did was:

  • Go into Postman and click IMPORT
  • On the import Dialog go to the RAW Text tab and paste this:
    • Spoiler
      curl -k https://{{host}}:8089/services/auth/login --data-urlencode username={{user}} --data-urlencode password={{pass}}

And hit IMPORT, this will generate a working request. If you look at the cURL generated by it the only difference is that it actually sets the Content-Type header which seems to so the trick. It now looks something like this:

 

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{pass}}'

Trying this curl command on the terminal will also work.

 

View solution in original post

Chepech
Engager

Im stuck on the same issue, but if you look closely its not an AUTH falied, it is really a 400 Bad Request error, I'v been trying different ways to call the API on Postman but so far I haven't been able to get it working, but it works on cURL and using Requests on Python, so its definitively something related to the message formatting that is causing this.

0 Karma

Chepech
Engager

So this is what I did to solve it... I noticed that the cURL generated by postman was not working and getting the exact same error you are seeing on the UI, this cURL command looks something like:

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{password}}'

So What I did was:

  • Go into Postman and click IMPORT
  • On the import Dialog go to the RAW Text tab and paste this:
    • Spoiler
      curl -k https://{{host}}:8089/services/auth/login --data-urlencode username={{user}} --data-urlencode password={{pass}}

And hit IMPORT, this will generate a working request. If you look at the cURL generated by it the only difference is that it actually sets the Content-Type header which seems to so the trick. It now looks something like this:

 

Spoiler
curl --location --request POST -k 'https://{{host}}:8089/services/auth/login' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'username={{user}}' \
--data-urlencode 'password={{pass}}'

Trying this curl command on the terminal will also work.

 

niketn
Legend

@spammenot66, following is what I had tried for HEC using JSON Data packet. I had to use http on my local, however, https should work if cURL worked fine for you.

https://wiki.splunk.com/User_talk:Niketnilay#Topic_5:_HTTP_Event_Collector_.28HEC.29_in_Windows_usin...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...