Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- REST in Splunk 7.0.1: Only 'nobody' allowed to acc...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
REST in Splunk 7.0.1: Only 'nobody' allowed to access kvstores?
Hi,
I am writing a script to push relevant data from our apps into a kvstore for use as a lookup.
When querying the api endpoint, I'm encountering an error.
The uri I'm accessing is: /services/storage/collections/config/?output_mode=json
HTTP 400:
{
"messages": [{
"type": "ERROR",
"text": "Must use user context of 'nobody' when interacting with collection configurations (used user='admin')"
}]
}
Hunting around for solutions, I found that this was a bug in earlier versions of Splunk.
From /answers/357860/create-a-custom-splunk-view-tutorial-not-working.html
The debug/refresh endpoint will reload configs that are available under /servicesNS/admin/search/admin endpoint. Under the admin endpoint, we have collection-conf endpoint which does provide _reload option, thus it would throw the following type of error.
In handler 'collections-conf': Must use user context of 'nobody' when interacting with collection configurations (used user='admin')
This collections-conf issue/error has now been addressed in the following releases:
- Splunk 6.2.8 - (bug: SPL-107404)
- Splunk 6.3.4 - (bug: SPL-111358)
- Splunk 6.4.0 - (bug: SPL-111360)
Is this also an error in 7.0.1 which is fixed in a later patch? If so I can ask our operations group to update it. If not, what am I doing wrong here?
Thank you very much.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Having same problem using splunk-python-sdk 1.6.5 against 7.0.2
Error : Traceback: Traceback (most recent call last):
File "anonymizer2.py", line 99, in
collection = myservice.kvstore['usercoll']
File "/opt/splunk/splunk-sdk-python/splunklib/client.py", line 1227, in getitem
response = self.get(key)
File "/opt/splunk/splunk-sdk-python/splunklib/client.py", line 1655, in get
return super(Collection, self).get(name, owner, app, sharing, **query)
File "/opt/splunk/splunk-sdk-python/splunklib/client.py", line 753, in get
**query)
File "/opt/splunk/splunk-sdk-python/splunklib/binding.py", line 289, in wrapper
return request_fun(self, *args, **kwargs)
File "/opt/splunk/splunk-sdk-python/splunklib/binding.py", line 71, in new_f
val = f(*args, **kwargs)
File "/opt/splunk/splunk-sdk-python/splunklib/binding.py", line 669, in get
response = self.http.get(path, self._auth_headers, **query)
File "/opt/splunk/splunk-sdk-python/splunklib/binding.py", line 1167, in get
return self.request(url, { 'method': "GET", 'headers': headers })
File "/opt/splunk/splunk-sdk-python/splunklib/binding.py", line 1228, in request
raise HTTPError(response)
HTTPError: HTTP 400 Bad Request -- Must use user context of 'nobody' when interacting with collection configurations (used user='intuser')
Tech Talk Recap | Mastering Threat Hunting
Observability for AI Applications: Troubleshooting Latency
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
