Solved: Re: splunk-reskit-powershell 401

inicholson · ‎07-26-2012

I'm using splunk-reskit-powershell to access splunk, but running "Connect-Splunk -Credentials $credentials -ComputerName "$computername"" causes powershell to throw an error: "Invoke-HTTPPost : Exception calling "GetResponse" with "0" argument(s): "The remote server returned an error: (401) Unauthorized.""
What rights do I need in order to authenticate correctly?

halr9000 · ‎07-26-2012

401 is very simply an authentication error. So, this means one of the connection parameters are incorrect. Try running it with the -Verbose flag and if you look at the first several lines, you'll see it restate all of the connection parameters. For example:

VERBOSE: Performing operation "Connecting to port 8089 using protocol https with timeout 10000 (ms)" on Target "bd-idx-01.bd.splunk.com".

Double-check that the server, port, and protocol are correct. Also make sure that the credentials which you are supplying work against your Splunk instance.

The credentials that you supply need to have the same rights as what you expect to see when you connect. If you have an admin account, try that just to rule that out as an issue. I just tested a non-admin account and was able to connect to my search head, but not an indexer, so take that into consideration.

View solution in original post

E17769 · ‎10-13-2015

Thanks That works for me. Also, I included my domain name in my user id
EX:
$userName = Me@domain.com

Changed it to
$userName = Me

and it worked after that... It's always the little things

halr9000 · ‎07-26-2012

401 is very simply an authentication error. So, this means one of the connection parameters are incorrect. Try running it with the -Verbose flag and if you look at the first several lines, you'll see it restate all of the connection parameters. For example:

VERBOSE: Performing operation "Connecting to port 8089 using protocol https with timeout 10000 (ms)" on Target "bd-idx-01.bd.splunk.com".

Double-check that the server, port, and protocol are correct. Also make sure that the credentials which you are supplying work against your Splunk instance.

The credentials that you supply need to have the same rights as what you expect to see when you connect. If you have an admin account, try that just to rule that out as an issue. I just tested a non-admin account and was able to connect to my search head, but not an indexer, so take that into consideration.

piebob · ‎07-26-2012

in the future, if the answer is correct/solves your problem, please accept the answer by clicking the checkmark (i've done it for you). thanks!

inicholson · ‎07-26-2012

Figured it out! I was trying to authenticate with "username$domain.tld", but splunk was expecting "username".

E17769 · ‎10-13-2015

Thanks the helped me. I included my domain name in my user name and that was the issue.

splunk-reskit-powershell 401

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Are you a member of the Splunk Community?

splunk-reskit-powershell 401

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...