Splunk Dev

Python SDK ABC example — not working (SSL: UNKNOWN_PROTOCOL error)

benridescout
Explorer

New to Splunk and Python... Trying to get up and running with the Python SDK. Installed the SDK for Python libraries, and modified the splunk-sdk-python-master/examples/abc/a.py file with values that work to log in to our Enterprise installation via the web:

import httplib 
#etc

HOST = "54.xxx.xxx.xxx"
PORT = 8000
USERNAME = "my-username"
PASSWORD = "my-password"

#etc etc

When I run this from the terminal with

python a.py

I get the following error:

Traceback (most recent call last):
File "/Users/ben/Desktop/splunk-sdk-python-master/examples/abc/a.py", line 38, in <module>
    connection.request("POST", "/services/auth/login", body, headers)
  File "/Users/ben/anaconda/lib/python2.7/httplib.py", line 1001, in request
    self._send_request(method, url, body, headers)
  File "/Users/ben/anaconda/lib/python2.7/httplib.py", line 1035, in _send_request
    self.endheaders(body)
  File "/Users/ben/anaconda/lib/python2.7/httplib.py", line 997, in endheaders
    self._send_output(message_body)
  File "/Users/ben/anaconda/lib/python2.7/httplib.py", line 850, in _send_output
    self.send(msg)
  File "/Users/ben/anaconda/lib/python2.7/httplib.py", line 812, in send
    self.connect()
  File "/Users/ben/anaconda/lib/python2.7/httplib.py", line 1212, in connect
    server_hostname=server_hostname)
  File "/Users/ben/anaconda/lib/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/Users/ben/anaconda/lib/python2.7/ssl.py", line 566, in __init__
    self.do_handshake()
  File "/Users/ben/anaconda/lib/python2.7/ssl.py", line 788, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:581)

Can anyone suggest what I might be doing wrong? Thanks!

dformoso
Engager

I'm getting exactly the same issue. From 2.7.10 not working, downgraded to 2.7.6, to a.py not working and c.py working. Ports and credentials checked.

0 Karma

benridescout
Explorer

OK, folks—I think I figured a few things out here. Thank you to all of you who suggested using port 8089 instead of 8000. That was certainly part of the problem.

The two other problems I've identified are:

  1. The ABC examples, at least (I don't know about the rest of the python SDK), don't seem to work under Python v2.7.10. When I tried running the c.py example (with port 8089) under Python v2.7.8, I was able to get it to work—it connects and returns the list of installed apps as expected.
  2. The a.py example, however, seems to have another problem. With the same login credentials, port, and in the same environment, it returns this error:

    (splunksnake)Bens-MacBook-Pro-2:~ ben$ python /Users/ben/Desktop/splunk-sdk-python-master\ 2/examples/abc/a.py
    Traceback (most recent call last):
    File "/Users/ben/Desktop/splunk-sdk-python-master 2/examples/abc/a.py", line 45, in
    sessionKey = ElementTree.XML(body).findtext("./sessionKey")
    File "/Users/ben/anaconda/envs/splunksnake/lib/python2.7/xml/etree/ElementTree.py", line 1301, in XML
    return parser.close()
    File "/Users/ben/anaconda/envs/splunksnake/lib/python2.7/xml/etree/ElementTree.py", line 1654, in close
    self._raiseerror(v)
    File "/Users/ben/anaconda/envs/splunksnake/lib/python2.7/xml/etree/ElementTree.py", line 1506, in _raiseerror
    raise err
    xml.etree.ElementTree.ParseError: no element found: line 1, column 0

Using curl from the terminal, I can see the Splunk instance is returning a sessionKey, so perhaps there is an issue with the way that key is being handled.

Anyway, thanks again for your help sorting this out!

0 Karma

Damien_Dallimor
Ultra Champion
PORT = 8000

That is the wrong port.
The SplunkD Management port is 8089 by default (as per what is actually in the a.py example).

PORT = 8089
0 Karma

jnicholsenernoc
Path Finder

Make sure you are using the right port for your instance.

0 Karma

benridescout
Explorer

Ah, OK. The port 8000 works for accessing the instance through the web interface. Should I use a different port for access via the Python SDK?

0 Karma

vinitatsky
Communicator

Can you try 8089

0 Karma

benridescout
Explorer

OK, I tried port 8089—it still fails at line 38, but the error message is now:

ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
0 Karma

jnicholsenernoc
Path Finder

Are you using a self-signed cert? Keystore up to date?

0 Karma

benridescout
Explorer

I don't know—let me find out. Thank you for the suggestion!

0 Karma

jnicholsenernoc
Path Finder

Should be the Splunk management port, 8089
http://dev.splunk.com/view/python-sdk/SP-CAAAEFC

0 Karma

benridescout
Explorer

The rest of the file is as downloaded from the SDK for Splunk. Here's the file in its entirety, as used, except for the server/login credentials:

# Copyright 2011-2014 Splunk, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"): you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

"""Retrieves a list of installed apps from Splunk by making REST API calls
   using Python's httplib module."""

import httplib
import urllib
from xml.etree import ElementTree

HOST = "54.xxx.xxx.xxx"
PORT = 8000
USERNAME = "my-username"
PASSWORD = "my-password"

# Present credentials to Splunk and retrieve the session key
connection = httplib.HTTPSConnection(HOST, PORT)
body = urllib.urlencode({'username': USERNAME, 'password': PASSWORD})
headers = { 
    'Content-Type': "application/x-www-form-urlencoded", 
    'Content-Length': str(len(body)),
    'Host': HOST,
    'User-Agent': "a.py/1.0",
    'Accept': "*/*"
}
try:
    connection.request("POST", "/services/auth/login", body, headers)
    response = connection.getresponse()
finally:
    connection.close()
if response.status != 200:
    raise Exception, "%d (%s)" % (response.status, response.reason)
body = response.read()
sessionKey = ElementTree.XML(body).findtext("./sessionKey")

# Now make the request to Splunk for list of installed apps
connection = httplib.HTTPSConnection(HOST, PORT)
headers = { 
    'Content-Length': "0",
    'Host': HOST,
    'User-Agent': "a.py/1.0",
    'Accept': "*/*",
    'Authorization': "Splunk %s" % sessionKey,
}
try:
    connection.request("GET", "/services/apps/local", "", headers)
    response = connection.getresponse()
finally:
    connection.close()
if response.status != 200:
    raise Exception, "%d (%s)" % (response.status, response.reason)

body = response.read()
data = ElementTree.XML(body)
apps = data.findall("{http://www.w3.org/2005/Atom}entry/{http://www.w3.org/2005/Atom}title")
for app in apps: 
    print app.text

vinitatsky
Communicator

Can you please copy some code from a.py file, specially some code around line 38 (few lines above and below).

File "/Users/ben/Desktop/splunk-sdk-python-master/examples/abc/a.py", line 38, in
connection.request("POST", "/services/auth/login", body, headers)

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...