Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Downloading lookup files via API returning 403 Forbidden

random_event
Explorer
‎10-20-2023 10:06 AM

I just updated the Splunk App for Lookup File Editing to the latest and now I can no longer download lookup files via CLI.  This has been working flawlessly in Splunk Cloud when I was running v3.6.0 but just updated to 4.0.1 (v4.0.2 not available in Cloud yet) and now I am getting 403 errors.

Through testing, I verified lookup endpoint is still valid, lookup shared at global level, and I even changed the permissions of the account to be sc_admin but still experiencing the same issue.  Has anyone else come across this and found a solution?  Same error no matter which lookup file I attempt to download.

My test command

 

python3 lut.py -app search -l geo_attr_countries.csv -app search
INFO:root:list of lookups to download: ['geo_attr_countries.csv']
ERROR:root:[failed] Error: Downloading file: 'geo_attr_countries.csv', status:403, reason:Forbidden, url:https://[REDACTED].splunkcloud.com:8089/services/data/lookup_edit/lookup_contents?lookup_type=csv&namespace=search&lookup_file=geo_attr_countries.csv

 

 Python script from here

Tags (1)
0 Karma
Reply

PTC_
Explorer
‎03-28-2024 04:01 AM

Was the issue fixed?
I'm having the exactly same issue and weeks ago it was working fine.

No change was done to the lookup/dataset permissions and the user I'm using to access is the owner of the lookup.

Could this be related to a splunk certificate being expired?
or something else?

0 Karma
Reply

random_event
Explorer
‎03-28-2024 06:21 AM

Unfortunately, I never found a solution.  If you happen to find the fix, please reply with it.

0 Karma
Reply

dsanders80
Loves-to-Learn Lots
‎12-06-2023 01:12 PM

You need to supply the owner in your call.  Just add "&owner=nobody" if it is a global lookup.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...