Getting Data In

get session key for included javascript app with logged in user

hkonzmann
Explorer

i have included a react app into the splunk app. its just one aggregated file.
i want to trigger a upload via rest api (receivers/stream) to upload some csv data. my problem is that i need the session key for the request header (authorization: splunk )

i am already logged in as admin and dont want to start a new session via JS. how is it possible to get (best way with JS because i am not able to use python) the current user with session key for my rest api call?

thanks in advantage.

0 Karma
1 Solution

docwalter
Engager

To reuse an existing Splunk web session for Javascript REST API calls, you obviously have to transfer the CSRF cookie content into an HTTP header. This is what works for me (Splunk 6.6.2):

var xhr = new XMLHttpRequest();
xhr.open('POST', '/en-US/splunkd/__raw/services/data/indexes', true);
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X-Splunk-Form-Key', document.cookie.match(/splunkweb_csrf_token_8000=(\d+)/)[1]); 
xhr.send("name=mybrandnewindex&output_mode=json")

View solution in original post

docwalter
Engager

To reuse an existing Splunk web session for Javascript REST API calls, you obviously have to transfer the CSRF cookie content into an HTTP header. This is what works for me (Splunk 6.6.2):

var xhr = new XMLHttpRequest();
xhr.open('POST', '/en-US/splunkd/__raw/services/data/indexes', true);
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X-Splunk-Form-Key', document.cookie.match(/splunkweb_csrf_token_8000=(\d+)/)[1]); 
xhr.send("name=mybrandnewindex&output_mode=json")

s2_splunk
Splunk Employee
Splunk Employee

Take a look here, do a find on the page for "Retrieve" and take a look at the example code.

0 Karma

hkonzmann
Explorer

@ssievert i have seen this already. this method uses its own login script with a loginmask to store jquery cookies. but if i am already logged in from the default login, the user has a session and a session key. but it is stored in http-only cookies which i cannot read out.

i dont want the user logs in two times.

0 Karma

s2_splunk
Splunk Employee
Splunk Employee

OK, I see. I didn't notice that. You don't have access to the sessionToken, so the only other option is to try to post to the raw REST endpoint: /en-US/splunkd/__raw/servicesNS/admin/<app>/...
Give that a whirl and let us know what happens.

hkonzmann
Explorer

@ssievert i tried this yesterday and it gives me a CSRF error (CSRF validation failed). i checked splunkd.log and the expected key and the given key is completley identical. i call the rest api via fetch + credentials:same-origin.

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...