Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

get session key for included javascript app with logged in user

hkonzmann
Explorer
‎07-24-2017 05:53 AM

i have included a react app into the splunk app. its just one aggregated file.
i want to trigger a upload via rest api (receivers/stream) to upload some csv data. my problem is that i need the session key for the request header (authorization: splunk )

i am already logged in as admin and dont want to start a new session via JS. how is it possible to get (best way with JS because i am not able to use python) the current user with session key for my rest api call?

thanks in advantage.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

docwalter
Engager
‎07-27-2017 05:27 AM

To reuse an existing Splunk web session for Javascript REST API calls, you obviously have to transfer the CSRF cookie content into an HTTP header. This is what works for me (Splunk 6.6.2):

var xhr = new XMLHttpRequest();
xhr.open('POST', '/en-US/splunkd/__raw/services/data/indexes', true);
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X-Splunk-Form-Key', document.cookie.match(/splunkweb_csrf_token_8000=(\d+)/)[1]); 
xhr.send("name=mybrandnewindex&output_mode=json")

View solution in original post

Reply
Solved! Jump to solution
Solution

docwalter
Engager
‎07-27-2017 05:27 AM

To reuse an existing Splunk web session for Javascript REST API calls, you obviously have to transfer the CSRF cookie content into an HTTP header. This is what works for me (Splunk 6.6.2):

var xhr = new XMLHttpRequest();
xhr.open('POST', '/en-US/splunkd/__raw/services/data/indexes', true);
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X-Splunk-Form-Key', document.cookie.match(/splunkweb_csrf_token_8000=(\d+)/)[1]); 
xhr.send("name=mybrandnewindex&output_mode=json")
Reply
Solved! Jump to solution

s2_splunk
Splunk Employee
Splunk Employee
‎07-24-2017 11:35 AM

Take a look here, do a find on the page for "Retrieve" and take a look at the example code.

0 Karma
Reply
Solved! Jump to solution

hkonzmann
Explorer
‎07-24-2017 11:52 PM

@ssievert i have seen this already. this method uses its own login script with a loginmask to store jquery cookies. but if i am already logged in from the default login, the user has a session and a session key. but it is stored in http-only cookies which i cannot read out.

i dont want the user logs in two times.

0 Karma
Reply
Solved! Jump to solution

s2_splunk
Splunk Employee
Splunk Employee
‎07-25-2017 03:39 PM

OK, I see. I didn't notice that. You don't have access to the sessionToken, so the only other option is to try to post to the raw REST endpoint: /en-US/splunkd/__raw/servicesNS/admin/<app>/...
Give that a whirl and let us know what happens.

Reply
Solved! Jump to solution

hkonzmann
Explorer
‎07-25-2017 10:37 PM

@ssievert i tried this yesterday and it gives me a CSRF error (CSRF validation failed). i checked splunkd.log and the expected key and the given key is completley identical. i call the rest api via fetch + credentials:same-origin.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...