I think the above answers your question... you need to take that session key, and append it to a header called authorization, and then make the value equal 'Spunk ' + sessionKey, then use requests.post to post the request with the header and data, and if ssl is bad, verify = False.

Here's what my session key looks like when the above works:
'xXZNyBITUTA9nQDGv0OrBZSuc4mRF3pHtFlt80ie9FSB_m7uAsA6W0V1uXchpuuvoe_BGEUG0ILiz_6bAekoyl4DGlKs9KZTE^F'

I've tried this within a custom search command called motd linked to motd.py and for the life of me I cant get it to work. The script executes fine even when I use the session key from cherrypy or splunk.intersplunk. However, nothing ever shows up... then i swap over to a script like the above where user/pass is "hardcoded" and it works just fine. I'm using 6.3.2 and python

Here's where i left the code last:

import cherrypy
import requests
import splunk.Intersplunk as si
import splunk.mining.dcutils as dcu

logger = dcu.getLogger()

help = """------------------------------------------------------------------------------------
motd title message severity
------------------------------------------------------------------------------------"""

contexthelp = """------------------------------------------------------------------------------------
motd creates a bulletin message
------------------------------------------------------------------------------------"""

def motd(title="default title",message="default message",sev="info"):
 try:
  sessionKey = cherrypy.session.get('sessionKey')
  uri = "https://localhost:8089/services/messages/new"
  headers = {'Authorization':'Splunk '}
  headers['Authorization'] =  str(headers['Authorization']) + sessionKey
  data ={'name':str(title),'value':str(message),'severity':str(sev)}
  r = requests.post(uri, headers=headers, data=data, verify=False)
  if r.status_code<300:
   result = {'motd': 'true'}
   si.outputResults(result)
  else:
   logger.error(r.status_code)
   si.outputResults(result)
 except Exception, e:
  logger.exception(e)

Ok, I was able to get it working... but not using the session from cherrypy. No clue why I cant get that session. So the example below hardcodes admin user/pass.

import sys
import re
import json
import requests
import splunk.Intersplunk 
import splunk.mining.dcutils as dcu

logger = dcu.getLogger()

help = """------------------------------------------------------------------------------------
motd title="title" message="message" severity="{warn|info|error}"
------------------------------------------------------------------------------------"""

contexthelp = """------------------------------------------------------------------------------------
motd creates a bulletin message
------------------------------------------------------------------------------------"""
def getSession(username,password):
 uri = "https://localhost:8089/services/auth/login"
 r = requests.get(uri, data={'username':username,'password':password}, verify=False)
 sessionkey = re.sub('"',"",json.dumps(re.sub('<response>\n\s+<sessionKey>|<\/sessionKey>\n<\/response>\n',"",r.text)))
 return sessionkey

def motd(results,sessionKey, title="default title",message="default message",severity="info"):
 try:
  uri = "https://localhost:8089/services/messages/new"
  #headers = {'Authorization':'Splunk '}
  headers = {'Authorization':''}
  headers['Authorization'] = 'Splunk ' + sessionKey
  data = {'name':title,'value':message,'severity':severity}
  logger.info(data)
  r = requests.post(uri, headers=headers, data=data, verify=False)
  if r.status_code<300:
   logger.info("Status Code: " + str(r.status_code))
   for result in results:
    result["motd"] = "true"
   return results
  else:
   logger.error("Status Code: " + str(r.status_code))
   for result in results:
    result["motd"] = str(r.status_code) 
   return results
 except Exception, e:
  logger.exception(e)
  logger.exception("sessionKey: " + sessionKey)
  for result in results:
   result["motd"] = e
  return results

#get the arguments
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
for a in sys.argv[1:]:
 if a.startswith("title="):
  title = re.sub("^.*=","",a)
  logger.info("Title: " + title)
 if a.startswith("message="):
  message = re.sub("^.*=","",a)
  logger.info("Message: " + message)
 if a.startswith("severity=warn") or a.startswith("severity=error") or a.startswith("severity=info"):
  severity = re.sub("^.*=","",a)
  logger.info("Severity: " + severity)
 elif not a.startswith("severity=warn") or not a.startswith("severity=error") or not a.startswith("severity=info"):
  severity = "info"
  logger.warn("Severity not provided, defaulting to " + severity)
 elif isgetinfo:
   splunk.Intersplunk.parseError("Invalid argument '%s'" % a)

# get the previous search results
results,dummy,settings = splunk.Intersplunk.getOrganizedResults()

#create a session key using user/pass
sessionKey = getSession("admin","password")
logger.info(sessionKey)

#set the message of the day using the arguments, all of them are optional
motd = motd(results,sessionKey,title,message,severity)

# return the previous search results
splunk.Intersplunk.outputResults(motd)


commands.conf:
[motd]
filename = motd.py

Authorize.conf:
[capability::run_script_motd]

[role_admin]
run_script_motd = enabled

Execution

* | motd __EXECUTE__ title=te555st message=testdasdfasdf3e4r severity=error

Hi, I know this is late but I just wanted to share how I solved this myself. I used requests as jkat54 suggested, but used a session key rather than a hardcoded username and password. Because this is a modular input, the session key is passed in as part of the config XML - this can be seen here: http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ModInputsScripts

So I modified the part of my input which parsed the config out of that XML and added a section that pulls the session key out. From there you can just add it as a header to your request:

r = requests.post(uri, headers={'Authorization': 'Splunk %s' % sessionKey}, data={'name':'mySearch','value':'Hey ALL!','severity':'warn'}, verify=False)

Thanks jkat54 for responding, really appreciate your time.

The scenario is slightly different in that this is a modular input that gets distributed as an app from Splunk Base. The script that is the modular input doesnt know about any locally provisioned credentials and needs to rely on what was passed to it at the point is was invoked by splunkd.

When splunkd invokes a modular input is provides via STDIN configuration items, one of which is .

If I try an use the provided value as an authentication token to perform any REST action it fails with an authorization warning. Just for testing, if I authenticate with a locally provisioned user, capture the session token and use this token to perform the same REST action it works.

If anyone has any experience of using the splunkd provided to perform actions that would be great.

Can you rewrite your original question providing more details?

Originally i thought you wanted a scripted input that would create a message but you didnt want to use curl because it would expose the password in curl logs, etc. So my solution was to use requests, salt, etc.

I'll try it with py mod inputs but above would work as scripted input if hardcoding pass was option.

are you passing an "authorization" header?

Please share your "update [to the] endpoint". Somewhere in the routine it should create a header.

headers['authorization'] = 'Splunk ' + sessionkey

This makes auth header look something like this:

Splunk xXZNyBITUTA9nQDGv0OrBZSuc4mRF3pHtFlt80ie9FSB_m7uAsA6W0V1uXchpuuvoe_BGEUG0ILiz_6bAekoyl4DGlKs9KZTE^F

Thanks for the ideas and ill build something using this method.