Splunk Enterprise Security

How do I get the sessionKey from a Splunk app's serverside python code?

robertlight
Path Finder

I have created a Splunk app and am sending an ajax request to it from the browser.

The serverside python code will then make REST calls to Splunk.

I need access to the logged-in user's sessionKey to make my REST calls to Splunk.

How do I get it?

(I am actually asking this rhetorically since I know how to do it... but couldn't find the answer here)

1 Solution

robertlight
Path Finder

    import cherrypy

    sessionKey = cherrypy.session['sessionKey']


michelecappelle
Engager

Just use the service object, getting it from the http request

    # your http/ajax controller
    def home(request):
        service = request.service
        savedsearches = service.saved_searches

0 Karma

robertlight
Path Finder

My ajax controller looks like:

    @expose_page(must_login=True, trim_spaces=True, methods=['GET'])
    def getCurrent(self, **params):

where params is a dict {'type':'alert',.... }

I can't seem to get access to the request

0 Karma

robertlight
Path Finder

    import cherrypy

    sessionKey = cherrypy.session['sessionKey']

TonyLeeVT
Builder

I downvoted this post because this did not seem to work for me. I have the following error:

    attributeerror: 'module' object has no attribute 'session'

Do you have a more complete answer?

0 Karma

eirik_talberg
Explorer

I may have missed something, but this does not work with Django Bindings apps.

      File "/opt/splunk/etc/apps/myapp/django/myapp/views.py", line 158, in privat
        session_key = cherrypy.session["sessionKey"]
      File "/opt/splunk/lib/python2.7/site-packages/cherrypy/__init__.py", line 322, in __getitem__
        child = getattr(serving, self.__attrname__)
    AttributeError: '_Serving' object has no attribute 'session'

michelecappelle
Engager

This stuff really doesn't work.

eirik_talberg
Explorer

It's a lot easier to just use request.service if you want to use REST.

0 Karma

robertlight
Path Finder

Question: is there an official Splunk API call that I can use that will shield me from using cherrypy internals to get this information out of the request?

0 Karma