Solved: How to pass credentials within custom search comma... - Page 2

elekanne · ‎02-26-2016

I'm building a custom search command (in Python with the SDK 1.5). From within the script (search command), I need to connect to the Splunk instance to execute some extra searches and retrieve some kv collections.

To have a service object to Splunk I use:

service = client.connect( username=, password=, app=)

But I do not want to have the username and password part of this script. I have tried "passauth" from the commands.conf, but I do not seem to get a token or session.

Is there a way to pass credentials to this type of script?

elekanne · ‎03-02-2016

I found the answer. If i do:

logger.debug("session token key is: %s", self._metadata.searchinfo.session_key)
service = client.connect( token=self._metadata.searchinfo.session_key)
for app in service.apps:
    logger.debug("apps: %s", app['name'])

Then the session token is retrieved. The generating command derives from a search command which has this information.
The same applies for getting the version of splunk you're running which is self._metadata.searchinfo.splunk_version

View solution in original post

How to pass credentials within custom search command using Python SDK 1.5

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar

Are you a member of the Splunk Community?

How to pass credentials within custom search command using Python SDK 1.5

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Hunt Smarter, Not Harder: Discover New SPL “Recipes” in Our Threat Hunting Webinar