Re: (401 Unauthorized Exception)Unable to send que...

madhuinfy · ‎07-29-2013

Hi,
I am connecting splunk with java sdk and trying to send a query. Its getting connected but when i am trying to send a query it behaves weirdly .Some time it gives the result but some times it gives com.splunk.HttpException: HTTP 401 -- call not properly authenticated.
The same query executes fine but most of the time it gives the above exception. I am unable to proceed further due to the above issue. Kindly help me out. Please find the below code.
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername("username");
loginArgs.setPassword("password");
loginArgs.setHost("hostname");
loginArgs.setPort(8089);
Service service = Service.connect(loginArgs);
System.out.println("Connected");
String searchQuery_normal ="search index=app sourcetype=tomcat_access host=\"cglita*\" (source=\"/var/opt/tomcat/logs/saelHDcomNavAndSearchWebService/access.log\" OR source=\"/var/opt/tomcat/logs/saelHDcomProductDataWebService/access.log\" OR source=\"/var/opt/tomcat/logs/saelOnlineStoreFinder/access.log\") uri!=\"Probe\"| timechart count as \"Pageviews\", avg(response_time) as \"Response Time\" by source | tail 5 ";
JobArgs jobargs = new JobArgs();
jobargs.setExecutionMode(JobArgs.ExecutionMode.NORMAL);
jobargs.setEarliestTime("-15m@m");
jobargs.setLatestTime("now");
Job job = service.getJobs().create(searchQuery_normal,jobargs);
JobResultsArgs resultsArgs = new JobResultsArgs();
resultsArgs.setOutputMode(JobResultsArgs.OutputMode.XML);
InputStream results = job.getResults(resultsArgs);
ResultsReaderXml resultsReader=new ResultsReaderXml(results);
//ResultsReaderCsv resultsReader=new ResultsReaderCsv(results);
//ResultsReaderJson resultsReader = new ResultsReaderJson(results);
HashMap event;
System.out.println("\nFormatted results from the search job as CSV\n");
while ((event = resultsReader.getNextEvent()) != null) {
for (String key: event.keySet())
System.out.println(" " + key + ": " + event.get(key));
}
resultsReader.close();
} catch (Exception e) {
e.printStackTrace();

madhuinfy · ‎07-29-2013

Hi,
Most of the time they only start occurring after a period of time, but some times it will through in the beginning of the execution only

madhuinfy · ‎07-29-2013

Hi,
Most of the time they only start occurring after a period of time, but some times it will through in the beginning of the execution only.

madhuinfy · ‎07-29-2013

Hi,
There is nothing between splunkd and java client. I am just using my ldap id and password to connect to splunk. No service object is not a singleton in my code.

Damien_Dallimor · ‎07-29-2013

Is there anything on the network between your java client and splunkd that could be affecting the authentication token in the HTTP header ?Or anything in you code ?

How are you using your Service object in your code ? Singleton ?

madhuinfy · ‎07-29-2013

splunk server is located in a remote system so i cannot see the details of server.conf. but if i login to splunk app directly and execute the query , it executes as many times as i want with out any issue. I guess there is no problem with the session time out else i would get the same error when i run the query with splunk web.

Damien_Dallimor · ‎07-29-2013

what is the sessionTimeout value in server.conf

Damien_Dallimor · ‎07-29-2013

Are the 401 errors interleaved with successful requests , or do they only start occurring after a period of time ?

(401 Unauthorized Exception)Unable to send query using java SDK

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Splunk Observability Metrics Cost Optimization

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation