Splunk Enterprise Security

How do I get the sessionKey from a Splunk app's serverside python code?

robertlight
Path Finder

I have created a Splunk app and am sending ajax request to it from the browser.

The serverside python code will then make REST calls to Splunk.

I need access to the logged-in user's sessionKey to make my REST calls to Splunk.

How do I get it?

(I am actually asking this rhetorically since I know how to do it... but couldn't find the answer here)

1 Solution

robertlight
Path Finder

import cherrypy

sessionKey = cherrypy.session['sessionKey']

View solution in original post

michelecappelle
Engager

Just use the service object, getting it from the http request

// your http/ ajax controller

def home(request):
service = request.service
savedsearches = service.saved_searches

0 Karma

robertlight
Path Finder

My ajax controller looks like:

    @expose_page(must_login=True, trim_spaces=True, methods=['GET'])
    def getCurrent(self, **params):

where params is a dict {'type':'alert',.... }

I can't seem to get access to the request

0 Karma

robertlight
Path Finder

import cherrypy

sessionKey = cherrypy.session['sessionKey']

TonyLeeVT
Builder

I downvoted this post because this did not seem to work for me. i have the following error:
attributeerror: 'module' object has no attribute 'session'

do you have a move complete answer?

0 Karma

eirik_talberg
Explorer

I may have missed something, but this does not work with Django Bindings apps.

File "/opt/splunk/etc/apps/myapp/django/myapp/views.py", line 158, in privat
    session_key = cherrypy.session["sessionKey"]
  File "/opt/splunk/lib/python2.7/site-packages/cherrypy/__init__.py", line 322, in __getitem__
    child = getattr(serving, self.__attrname__)
AttributeError: '_Serving' object has no attribute 'session'

michelecappelle
Engager

this stuff really doesn't work

eirik_talberg
Explorer

It's a lot easier to just use request.service if you want to use REST.

0 Karma

robertlight
Path Finder

Question: is there an official splunk API call that I can use that will shield me from using cherrypy internals to get this information out of the request?

0 Karma
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...