I am trying to connect with REST API and I am able to use this guide https://answers.splunk.com/answers/685730/can-i-use-rest-api-without-curl.html
I can obtain the session key but on using that, I still get an unauthorized error when trying to pull results of a search.
I am going through a proxy server to make my request and avoid CORS issues. Any pointers would be appreciated.
Have you set the Splunk admin user/password? If you're using the default, you can't authenticate with the REST endpoints. A Universal Forwarder behaves this way at least...
Doesn't appear you're setting the authorization header correctly in the 2nd example. Use the same xhdr method you used in the first example but set it with "Authorization: Splunk AUTHTOKEN"

    beforeSend: function (xhr) {
        // Scheme and token are separated by a single space
        xhr.setRequestHeader('Authorization', 'Splunk ' + authtoken);
    }

Tried this as well. Still giving a 401. FYI, these API calls are going through the browser - using client side JS.
Did you look at your request with packet sniffing or software proxy like fiddler by telerik?
Something is wrong with your post. It's that simple. Otherwise you wouldn't get 401.
Is there a space in the header between Splunk and token?
No spaces. Yes, I did try to check the request, but everything looked fine.
The session key is being used to make a POST call to create a job and a GET call to retrieve the results of that job.
The session key is being used to make a POST call to create a search and then make a GET call to get the search results.
How are you using the session key?
An example of your POST please...
Here's the example:

    $.ajax({
        url: url,
        type: "POST",
        contentType: "application/json",
        dataType: "json",
        data: '{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',
        beforeSend: function (xhr) {
            xhr.setRequestHeader('Authorization', 'Basic' + btoa("username:password"));
        }
    });

Instead of passing the username and password, if the session key (obtained from a login POST call) is passed in this manner:

    $.ajax({
        url: url,
        type: "POST",
        contentType: "application/json",
        "Authorization": "Splunk " + sessionkey,
        dataType: "json",
        data: '{"search" : "search index=esys_shibboleth OR index= Shibboleth-Audit", "output_mode":"json"}',
    });

it still throws a 401.
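
An offline check for the two header mistakes that come up in this thread (a scheme joined to the credential without a space, and Authorization passed as an `$.ajax` option instead of a request header), added here as an example and not code from any poster. `effectiveHeaders`, `diagnoseAuth` and `jobRequest` are hypothetical helper names, and the URL passed to `jobRequest` is whatever search-job endpoint you are calling.

```javascript
// Added example: inspect jQuery-style $.ajax options without sending anything
// and report why the Authorization header would be rejected with a 401.
const AUTH_RE = /^(Splunk|Basic|Bearer) \S+$/;

// Collect the headers the options would actually send, by running beforeSend
// against a recording stand-in for the XHR object.
function effectiveHeaders(opts) {
  const sent = Object.assign({}, opts.headers || {});
  if (typeof opts.beforeSend === "function") {
    opts.beforeSend({
      setRequestHeader: (name, value) => { sent[name] = value; },
    });
  }
  return sent;
}

// Return a list of problems; an empty list means the header is well formed.
function diagnoseAuth(opts) {
  const problems = [];
  const value = effectiveHeaders(opts)["Authorization"];
  if ("Authorization" in opts) {
    problems.push("Authorization is a top-level option, not a header; it is never sent");
  }
  if (value === undefined) {
    problems.push("no Authorization header is set");
  } else if (!AUTH_RE.test(value)) {
    problems.push("malformed value: expected '<scheme> <credential>' with one space");
  }
  return problems;
}

// Options that carry the session key as a real request header.
function jobRequest(url, sessionKey, search) {
  return {
    url: url,
    type: "POST",
    dataType: "json",
    // jQuery form-encodes a plain object, which is the body encoding
    // Splunk's REST endpoints accept for search parameters.
    data: { search: search, output_mode: "json" },
    headers: { Authorization: "Splunk " + sessionKey },
  };
}
```

Pass the same options object you hand to `$.ajax` to `diagnoseAuth` before sending; anything it returns explains a 401 that comes from the header rather than from the credential itself.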