Security

Using tokens in splunklib?

bojanz
Communicator

Hi,

I'm writing a custom command that is supposed to do some actions on Splunk through its REST interface so I wanted to use the SDK.
However, I'm having problems authenticating with the session token. Here's the setup:

In commands.conf:

[mycommand]
filename = mycommand.py
generating = true
maxinputs = 1
stderr_dest = message
passauth = true

The code (auth part):

import splunklib.client as client
import splunk.Intersplunk as si

settings = dict()
records = si.readResults(settings = settings, has_header = True)

sKey = settings['sessionKey']

service = client.connect(token=sKey)
a = service.apps["search"]
st = a.state()

And I don't get anything back.
If I change the client.connect call to use hardcoded credentials it works without any problems.
In Splunk I'm logged in as admin.

Any idea why I can't pass tokens like this to the Service class?

Tags (2)
0 Karma

David_Noble_at_
Explorer

Your configuration looks good. Assuming you've got a good session key client.connect should work. What value are you getting back from settings['sessionKey']?

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...