Splunk Enterprise Security

How do I get the sessionKey from a Splunk app's serverside python code?

robertlight
Path Finder

I have created a Splunk app and am sending ajax request to it from the browser.

The serverside python code will then make REST calls to Splunk.

I need access to the logged-in user's sessionKey to make my REST calls to Splunk.

How do I get it?

(I am actually asking this rhetorically since I know how to do it... but couldn't find the answer here)

1 Solution

robertlight
Path Finder

import cherrypy

sessionKey = cherrypy.session['sessionKey']

View solution in original post

michelecappelle
Engager

Just use the service object, getting it from the http request

// your http/ ajax controller

def home(request):
service = request.service
savedsearches = service.saved_searches

0 Karma

robertlight
Path Finder

My ajax controller looks like:

    @expose_page(must_login=True, trim_spaces=True, methods=['GET'])
    def getCurrent(self, **params):

where params is a dict {'type':'alert',.... }

I can't seem to get access to the request

0 Karma

robertlight
Path Finder

import cherrypy

sessionKey = cherrypy.session['sessionKey']

TonyLeeVT
Builder

I downvoted this post because this did not seem to work for me. i have the following error:
attributeerror: 'module' object has no attribute 'session'

do you have a move complete answer?

0 Karma

eirik_talberg
Explorer

I may have missed something, but this does not work with Django Bindings apps.

File "/opt/splunk/etc/apps/myapp/django/myapp/views.py", line 158, in privat
    session_key = cherrypy.session["sessionKey"]
  File "/opt/splunk/lib/python2.7/site-packages/cherrypy/__init__.py", line 322, in __getitem__
    child = getattr(serving, self.__attrname__)
AttributeError: '_Serving' object has no attribute 'session'

michelecappelle
Engager

this stuff really doesn't work

eirik_talberg
Explorer

It's a lot easier to just use request.service if you want to use REST.

0 Karma

robertlight
Path Finder

Question: is there an official splunk API call that I can use that will shield me from using cherrypy internals to get this information out of the request?

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...