Splunk Cloud Platform

not able to login to splunk using shell

anshulchopra
Loves-to-Learn

I'm trying to log in to Splunk using my sc_admin user through a shell script, where I want to log in and fetch the logs according to a string which I will give, but it is failing. Could you please help me with the same?
script:

#!/bin/bash

# Splunk API endpoint
SPLUNK_URL="https://prd-p-cbutz.splunkcloud.com:8089"
# Splunk username and password
USERNAME=$Username
PASSWORD=$Password


# Search query to retrieve error messages (modify this as needed)
SEARCH_QUERY="sourcetype=error"
# Maximum number of results to retrieve
MAX_RESULTS=10

# -k skips TLS certificate verification; -v prints the connection trace to stderr
response=$(curl -k -s -v -u "$USERNAME:$PASSWORD" "$SPLUNK_URL/services/auth/login" -d "username=$USERNAME&password=$PASSWORD")
echo "Response from login endpoint: $response"

# Authenticate with Splunk and obtain a session token
#SESSION_TOKEN=$(curl -k -s -u "$USERNAME:$PASSWORD" "$SPLUNK_URL/services/auth/login" -d "username=$USERNAME&password=$PASSWORD" | xmllint --xpath "//response/sessionKey/text()" -)
SESSION_TOKEN=$(curl -k -s -v -u "$USERNAME:$PASSWORD" "$SPLUNK_URL/services/auth/login" -d "username=$USERNAME&password=$PASSWORD" | grep -oP '<sessionKey>\K[^<]+' | awk '{print $1}')


if [ -z "$SESSION_TOKEN" ]; then
    echo "Failed to obtain a session token. Check your credentials or Splunk URL."
    exit 1
fi

# Perform a search and retrieve error messages.
# The session key is sent in an "Authorization: Splunk <key>" header, the query
# must start with the "search" command, and output_mode=json is needed for jq below.
SEARCH_RESULTS=$(curl -k -s -H "Authorization: Splunk $SESSION_TOKEN" "$SPLUNK_URL/services/search/jobs/export" -d "search=search $SEARCH_QUERY" -d "output_mode=json" -d "count=$MAX_RESULTS")

# Check for errors in the search results
if [[ $SEARCH_RESULTS == *"ERROR"* ]]; then
    echo "Error occurred while fetching search results:"
    echo "$SEARCH_RESULTS"
    exit 1
fi

# Parse the JSON results (one object per line, each holding a "result" object) and extract relevant information
echo "Splunk Error Messages:"
echo "$SEARCH_RESULTS" | jq -r 'select(.result) | .result | .sourcetype + ": " + .message'

# Clean up: Delete the search job
curl -k -H "Authorization: Splunk $SESSION_TOKEN" "$SPLUNK_URL/services/search/jobs" -X DELETE

# Logout: Terminate the session
curl -k -H "Authorization: Splunk $SESSION_TOKEN" "$SPLUNK_URL/services/auth/logout"

exit 0

I'm also not sure whether I'm using the correct port number or not.
Error:
$ bash abc.sh
* Trying 44.196.237.135:8089...
* connect to 44.196.237.135 port 8089 failed: Timed out
* Failed to connect to prd-p-cbutz.splunkcloud.com port 8089 after 21335 ms: Couldn't connect to server
* Closing connection 0
Response from login endpoint:
* Trying 44.196.237.135:8089...
* connect to 44.196.237.135 port 8089 failed: Timed out
* Failed to connect to prd-p-cbutz.splunkcloud.com port 8089 after 21085 ms: Couldn't connect to server
* Closing connection 0
Failed to obtain a session token. Check your credentials or Splunk URL.

0 Karma

richgalloway
SplunkTrust

You don't say if this is a Trial account or not, but Splunk Cloud trial accounts do not have access to the REST API.

Timeout errors typically come from firewalls or other network devices that drop connection attempts.

---
If this reply helps you, Karma would be appreciated.
0 Karma
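In the question's script a connection timeout and a rejected password both end at the same "Failed to obtain a session token" message. The following is an added example, not part of the original thread, that separates the two by curl exit code and HTTP status; the function names, the 10-second connect timeout and the mapping of HTTP 401 to rejected credentials are assumptions of the example.

```shell
#!/bin/bash
# Added example (not from the thread): tell a network failure apart from a
# rejected login instead of reporting both as "check your credentials".

# Map curl's exit code plus the HTTP status to one diagnosis word.
classify_login() {
  local rc="$1" http="$2"
  case "$rc" in
    0)     ;;                               # transfer completed, look at HTTP
    6)     echo "dns";      return 0 ;;     # host name did not resolve
    7|28)  echo "network";  return 0 ;;     # connect refused, dropped or timed out
    35|60) echo "tls";      return 0 ;;     # handshake or certificate check failed
    *)     echo "curl-$rc"; return 0 ;;
  esac
  case "$http" in
    200) echo "ok" ;;
    401) echo "credentials" ;;              # assumption: 401 means login rejected
    *)   echo "http-$http" ;;
  esac
}

# Read the login response XML on stdin and print the sessionKey value, if any.
extract_session_key() {
  sed -n 's:.*<sessionKey>\([^<]*\)</sessionKey>.*:\1:p' | head -n 1
}

# One login attempt against $1 using $USERNAME and $PASSWORD from the environment.
# Prints the session key on success, a diagnosis on stderr otherwise.
splunk_login() {
  local url="$1" body http rc verdict
  body=$(mktemp) || return 1
  http=$(curl -s -o "$body" -w '%{http_code}' --connect-timeout 10 \
    --data-urlencode "username=$USERNAME" \
    --data-urlencode "password=$PASSWORD" \
    "$url/services/auth/login")
  rc=$?
  verdict=$(classify_login "$rc" "$http")
  if [ "$verdict" = "ok" ]; then
    extract_session_key < "$body"
  else
    echo "login failed: $verdict (curl exit $rc, HTTP $http)" >&2
  fi
  rm -f "$body"
  [ "$verdict" = "ok" ]
}

# Runs only when SPLUNK_URL is set, e.g. SPLUNK_URL=https://host:8089 ./login_check.sh
if [ -n "${SPLUNK_URL:-}" ]; then
  splunk_login "$SPLUNK_URL"
fi
```

A "network" verdict points at the firewall or port reachability described in the reply above, so credentials are not worth rechecking until the connection itself succeeds.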