Splunk Enterprise Security

How do I get the sessionKey from a Splunk app's serverside python code?

robertlight
Path Finder

I have created a Splunk app and am sending ajax request to it from the browser.

The serverside python code will then make REST calls to Splunk.

I need access to the logged-in user's sessionKey to make my REST calls to Splunk.

How do I get it?

(I am actually asking this rhetorically since I know how to do it... but couldn't find the answer here)

1 Solution

robertlight
Path Finder

import cherrypy

sessionKey = cherrypy.session['sessionKey']

View solution in original post

michelecappelle
Engager

Just use the service object, getting it from the http request

// your http/ ajax controller

def home(request):
service = request.service
savedsearches = service.saved_searches

0 Karma

robertlight
Path Finder

My ajax controller looks like:

    @expose_page(must_login=True, trim_spaces=True, methods=['GET'])
    def getCurrent(self, **params):

where params is a dict {'type':'alert',.... }

I can't seem to get access to the request

0 Karma

robertlight
Path Finder

import cherrypy

sessionKey = cherrypy.session['sessionKey']

TonyLeeVT
Builder

I downvoted this post because this did not seem to work for me. i have the following error:
attributeerror: 'module' object has no attribute 'session'

do you have a move complete answer?

0 Karma

eirik_talberg
Explorer

I may have missed something, but this does not work with Django Bindings apps.

File "/opt/splunk/etc/apps/myapp/django/myapp/views.py", line 158, in privat
    session_key = cherrypy.session["sessionKey"]
  File "/opt/splunk/lib/python2.7/site-packages/cherrypy/__init__.py", line 322, in __getitem__
    child = getattr(serving, self.__attrname__)
AttributeError: '_Serving' object has no attribute 'session'

michelecappelle
Engager

this stuff really doesn't work

eirik_talberg
Explorer

It's a lot easier to just use request.service if you want to use REST.

0 Karma

robertlight
Path Finder

Question: is there an official splunk API call that I can use that will shield me from using cherrypy internals to get this information out of the request?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...