Splunk Cloud Platform

Not able to log in to Splunk using shell

anshulchopra
Loves-to-Learn

I'm trying to log in to Splunk using my sc_admin user through a shell script, where I want to log in and fetch the logs according to the string which I will give, but it is failing. Could you please help me with the same?
script:

#!/bin/bash

# Splunk API endpoint (management port)
SPLUNK_URL="https://prd-p-cbutz.splunkcloud.com:8089"
# Splunk username and password, taken from the environment
USERNAME=$Username
PASSWORD=$Password

# Search query to retrieve error messages (modify this as needed).
# A query sent to the REST API must begin with the "search" command.
SEARCH_QUERY="search sourcetype=error"
# Maximum number of results to retrieve
MAX_RESULTS=10

# Log in once. -k skips TLS certificate verification; -v prints connection details to stderr.
# --data-urlencode keeps special characters in the credentials intact.
response=$(curl -k -s -v "$SPLUNK_URL/services/auth/login" \
    --data-urlencode "username=$USERNAME" \
    --data-urlencode "password=$PASSWORD")
echo "Response from login endpoint: $response"

# Extract the session token from the XML login response
#SESSION_TOKEN=$(echo "$response" | xmllint --xpath "//response/sessionKey/text()" -)
SESSION_TOKEN=$(echo "$response" | grep -oP '<sessionKey>\K[^<]+')

if [ -z "$SESSION_TOKEN" ]; then
    echo "Failed to obtain a session token. Check your credentials or Splunk URL."
    exit 1
fi

# Perform a search and retrieve error messages.
# The session token goes in an "Authorization: Splunk <token>" header, and
# output_mode=json makes the export endpoint return one JSON object per line.
SEARCH_RESULTS=$(curl -k -s -H "Authorization: Splunk $SESSION_TOKEN" \
    "$SPLUNK_URL/services/search/jobs/export" \
    --data-urlencode "search=$SEARCH_QUERY" \
    -d "output_mode=json" -d "count=$MAX_RESULTS")

# Check for errors in the search results
if [[ $SEARCH_RESULTS == *"ERROR"* ]]; then
    echo "Error occurred while fetching search results:"
    echo "$SEARCH_RESULTS"
    exit 1
fi

# Parse the JSON results and extract relevant information
echo "Splunk Error Messages:"
echo "$SEARCH_RESULTS" | jq -r '.result | select(. != null) | .sourcetype + ": " + .message'

# No clean-up request: the export endpoint streams results and returns no search ID (sid) to delete.

# Logout: Terminate the session
curl -k -s -H "Authorization: Splunk $SESSION_TOKEN" "$SPLUNK_URL/services/auth/logout"

exit 0

I'm also not sure whether I'm using the correct port number or not.
error:
$ bash abc.sh
* Trying 44.196.237.135:8089...
* connect to 44.196.237.135 port 8089 failed: Timed out
* Failed to connect to prd-p-cbutz.splunkcloud.com port 8089 after 21335 ms: Couldn't connect to server
* Closing connection 0
Response from login endpoint:
* Trying 44.196.237.135:8089...
* connect to 44.196.237.135 port 8089 failed: Timed out
* Failed to connect to prd-p-cbutz.splunkcloud.com port 8089 after 21085 ms: Couldn't connect to server
* Closing connection 0
Failed to obtain a session token. Check your credentials or Splunk URL.

0 Karma

richgalloway
SplunkTrust

You don't say if this is a Trial account or not, but Splunk Cloud trial accounts do not have access to the REST API.

Time out errors typically come from firewalls or other network devices that drop connection attempts.

---
If this reply helps you, Karma would be appreciated.
0 Karma
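A reachability check that separates the failure modes named in the answer above, as an added example that is not part of the original posts: it classifies a curl attempt against the management port as dropped or filtered, refused, a DNS failure or a TLS failure before any credentials are sent. The function names, the 10-second timeout and the exit code 7 paired with the sample output are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical function names): diagnose why the Splunk
# management port cannot be reached, without sending any credentials.

# Map a curl exit code plus its -v stderr text to one diagnosis keyword.
diagnose() {
    rc=$1 log=$2
    case "$rc" in
        0)     echo reachable; return ;;            # TCP and TLS both succeeded
        6)     echo dns_failure; return ;;          # host name did not resolve
        28)    echo filtered_or_dropped; return ;;  # --connect-timeout expired
        35|60) echo tls_problem; return ;;          # port answered, TLS/cert failed
    esac
    # Exit code 7 covers both a refused and a timed-out connect;
    # the verbose log tells them apart.
    case "$log" in
        *"Timed out"*|*"timed out"*) echo filtered_or_dropped ;;
        *"refused"*)                 echo port_closed ;;
        *)                           echo unknown ;;
    esac
}

# Probe the port. No -u and no -k: only connection establishment matters,
# and an HTTP 401 reply still counts as "reachable" (curl exits 0).
preflight() {
    url=$1
    log=$(curl -s -v -o /dev/null --connect-timeout 10 "$url/services/server/info" 2>&1)
    diagnose "$?" "$log"
}

# Constructed sample: the verbose output from the question, paired with
# curl exit code 7 ("Couldn't connect to server"), which is an assumption.
SAMPLE_LOG="* Trying 44.196.237.135:8089...
* connect to 44.196.237.135 port 8089 failed: Timed out
* Failed to connect to prd-p-cbutz.splunkcloud.com port 8089 after 21335 ms: Couldn't connect to server
* Closing connection 0"

# With a URL argument, probe that host; otherwise classify the sample offline.
if [ -n "${1:-}" ]; then
    preflight "$1"
else
    diagnose 7 "$SAMPLE_LOG"
fi
```

A result of `filtered_or_dropped` means packets to the port are being silently discarded somewhere on the path, which is a network-level condition rather than a credential problem.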