Splunk Cloud Platform

not able to login to splunk using shell

anshulchopra
Loves-to-Learn

I'm trying to log in to Splunk using my sc_admin user through a shell script, where I want to log in and fetch the logs according to the string which I will give, but it is failing. Could you please help me with the same?
script:

#!/bin/bash

# Splunk API endpoint
SPLUNK_URL="https://prd-p-cbutz.splunkcloud.com:8089"
# Splunk username and password
USERNAME=$Username
PASSWORD=$Password


# Search query to retrieve error messages (modify this as needed)
SEARCH_QUERY="sourcetype=error"
# Maximum number of results to retrieve
MAX_RESULTS=10

response=$(curl -k -s -v -u "$USERNAME:$PASSWORD" "$SPLUNK_URL/services/auth/login" -d "username=$USERNAME&password=$PASSWORD")
echo "Response from login endpoint: $response"

# Authenticate with Splunk and obtain a session token
#SESSION_TOKEN=$(curl -k -s -u "$USERNAME:$PASSWORD" "$SPLUNK_URL/services/auth/login" -d "username=$USERNAME&password=$PASSWORD" | xmllint --xpath "//response/sessionKey/text()" -)
SESSION_TOKEN=$(curl -k -s -v -u "$USERNAME:$PASSWORD" "$SPLUNK_URL/services/auth/login" -d "username=$USERNAME&password=$PASSWORD" | grep -oP '<sessionKey>\K[^<]+' | awk '{print $1}')


if [ -z "$SESSION_TOKEN" ]; then
    echo "Failed to obtain a session token. Check your credentials or Splunk URL."
    exit 1
fi

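# Perform a search and retrieve error messages
# (a session key is sent in the Authorization header, not as a basic-auth password)
SEARCH_RESULTS=$(curl -k -s -H "Authorization: Splunk $SESSION_TOKEN" "$SPLUNK_URL/services/search/jobs/export" -d "search=$SEARCH_QUERY" -d "count=$MAX_RESULTS")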

# Check for errors in the search results
if [[ $SEARCH_RESULTS == *"ERROR"* ]]; then
    echo "Error occurred while fetching search results:"
    echo "$SEARCH_RESULTS"
    exit 1
fi

# Parse the JSON results and extract relevant information
echo "Splunk Error Messages:"
echo "$SEARCH_RESULTS" | jq -r '.result | .[] | .sourcetype + ": " + .message'

# Clean up: Delete the search job
curl -k -H "Authorization: Splunk $SESSION_TOKEN" "$SPLUNK_URL/services/search/jobs" -X DELETE

# Logout: Terminate the session
curl -k -H "Authorization: Splunk $SESSION_TOKEN" "$SPLUNK_URL/services/auth/logout"

exit 0

Also, I'm not sure whether I'm using the correct port number or not.
error:
$ bash abc.sh
* Trying 44.196.237.135:8089...
* connect to 44.196.237.135 port 8089 failed: Timed out
* Failed to connect to prd-p-cbutz.splunkcloud.com port 8089 after 21335 ms: Couldn't connect to server
* Closing connection 0
Response from login endpoint:
* Trying 44.196.237.135:8089...
* connect to 44.196.237.135 port 8089 failed: Timed out
* Failed to connect to prd-p-cbutz.splunkcloud.com port 8089 after 21085 ms: Couldn't connect to server
* Closing connection 0
Failed to obtain a session token. Check your credentials or Splunk URL.

0 Karma

richgalloway
SplunkTrust

You don't say if this is a Trial account or not, but Splunk Cloud trial accounts do not have access to the REST API.

Time out errors typically come from firewalls or other network devices that drop connection attempts.

---
If this reply helps you, Karma would be appreciated.
0 Karma
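The script in the question prints "Check your credentials or Splunk URL" even when, as in the output shown, the connection to port 8089 never opens. The sketch below is an added example, not part of the original posts: it tells a network failure apart from a rejected login by checking curl's exit status before parsing the response. `SPLUNK_URL`, `SPLUNK_USER`, `SPLUNK_PASS` and the function names are assumptions.

```shell
#!/bin/bash
# Added example: separate "cannot reach port 8089" from "login rejected".
# SPLUNK_URL, SPLUNK_USER and SPLUNK_PASS are assumed environment variables.

# Map a curl exit status to the likely cause.
diagnose_curl_exit() {
  case "$1" in
    0)    echo "ok" ;;
    6)    echo "dns: host name did not resolve" ;;
    7|28) echo "network: connection refused or timed out (firewall, allow list, port closed)" ;;
    60)   echo "tls: certificate not trusted (fix the CA bundle instead of using -k)" ;;
    *)    echo "curl: exit status $1" ;;
  esac
}

# Pull the session key out of the XML login response read from stdin.
extract_session_key() {
  sed -n 's:.*<sessionKey>\([^<]*\)</sessionKey>.*:\1:p' | head -n 1
}

# One login attempt. Prints the key on success, a diagnosis on stderr otherwise.
# No -k (certificate checks stay on) and no -v (no request details in the log).
splunk_login() {
  local body rc key
  body=$(curl -sS --connect-timeout 10 \
           --data-urlencode "username=$SPLUNK_USER" \
           --data-urlencode "password=$SPLUNK_PASS" \
           "$SPLUNK_URL/services/auth/login")
  rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "login not attempted: $(diagnose_curl_exit "$rc")" >&2
    return 2
  fi
  key=$(printf '%s' "$body" | extract_session_key)
  if [ -z "$key" ]; then
    echo "server reachable but login rejected: $body" >&2
    return 1
  fi
  printf '%s\n' "$key"
}

# Later requests send the key as a header, for example:
#   curl -sS -H "Authorization: Splunk $key" "$SPLUNK_URL/services/search/jobs/export" ...
```

A return status of 2 from `splunk_login` points at the network path or the trial-account restriction mentioned in the reply, while 1 means the server answered and the credentials are the thing to check.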