Monitoring Splunk

How can I disable splunk auth for the command-line

katzj
Engager

I have a regularly scheduled job which generates a log-file which I then use my local splunk light-forwarder to send to a remote splunk instance with splunk add oneshot $LOG_FILE -sourcetype $SOURCE

This ends up requiring authentication. I know that I could hard-code a "-auth user:pass" argument into the script as well, but I'd prefer to not do that and instead be able to just disable authentication on the local host for splunk cli access. Is there a way to do this?

Tags (1)
1 Solution

araitz
Splunk Employee
Splunk Employee

Just dump the file in a batch directory such as $SPLUNK_HOME/var/spool/splunk. This does not require authentication, and you can control the sourcetype, source, etc with dynamic metadata assignment:

http://docs.splunk.com/Documentation/Splunk/latest/Data/Assignmetadatatoeventsdynamically

View solution in original post

araitz
Splunk Employee
Splunk Employee

Just dump the file in a batch directory such as $SPLUNK_HOME/var/spool/splunk. This does not require authentication, and you can control the sourcetype, source, etc with dynamic metadata assignment:

http://docs.splunk.com/Documentation/Splunk/latest/Data/Assignmetadatatoeventsdynamically

maraman_splunk
Splunk Employee
Splunk Employee
0 Karma

thartmann
Path Finder

I actually think this would be useful as well, something like kerberos's kadmin.local binary.

0 Karma

Genti
Splunk Employee
Splunk Employee

I do not think you can disable authentication. You have two options that i can think of:

  • `./splunk login` before you run the script
  • use:
    `export SPLUNK_USERNAME=admin`
    `export SPLUNK_PASSWORD=changeme`

cheers!
.gz

eddiet
Explorer

i couldn't find this, where is this documented?

0 Karma

eddiet
Explorer

where is this username/password envvar documented?

dmahler99
Explorer

the export of the user password into environment variables worked great... thanks

charleswheelus
Path Finder

This approach is just what I was looking for. Thanks!

Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...