Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk HEC: Python post requests fails with 401 Unauthorized client error while cURL requests are fine

spervez
New Member
‎10-15-2019 06:20 PM

I have created a python script to post json data to Splunk:

splunk_ep = 'https://xxx:8088/services/collector/event'
SPLUNK_TOKEN = os.getenv('SPLUNK_TOKEN')
auth_header = {'Authorization': SPLUNK_TOKEN, 'Content-Type': 'application/json'}

def SendToSplunk(data):
        response = requests.post(splunk_ep, json=data, headers=auth_header, verify = False)
        print(response)

It returns following error:
401 Client Error: Unauthorized for url: https://xxx:8088/services/collector/event

However, If use cURL with above params, it works fine. Please advise.
Thanks

0 Karma
Reply

starcher
Influencer
‎10-16-2019 05:34 AM

You could also use a pre-made HEC class.
https://github.com/georgestarcher/Splunk-Class-httpevent

Reply

renjith_nair
Legend
‎10-16-2019 04:09 AM

@spervez,

In the authorization header, you need to add the Splunk keyword "Authorization: Splunk <hec_token>" . If your environment variable does not have this, try adding the keyword.

---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply

spervez
New Member
‎10-17-2019 03:59 PM

Hi Renjith,
Thanks for coming back.

I have resolved the issue and it was a stupid error I was making in using keyword SPLUNK instead of Splunk.

Regards

0 Karma
Reply

renjith_nair
Legend
‎10-18-2019 06:41 AM

@spervez, glad its working. If you think the above answer helped you to resolve the issue, accept/upvote.
Also try the class mentioned by George below. That will definitely help you to get going.

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...