Splunk Enterprise

How to get mandatory cookies to access Web UI?

Splunk Employee
Splunk Employee

# How to get cookies for simulation or accessing UI port.


cval=`curl -c - -k http://splunk:8000 -L -o a 2>/dev/null|grep cval|tr -s " " " " | cut -d $'\t' -f 7`

ab=`curl -c - -k http://splunk:8000/en-US/account/login -H "Cookie: cval=$cval" -d "username=MYUSER&password=MYPASSWORD&cval=$cval" -o a 2>/dev/null |egrep "csrf|splunkd_8000" |perl -pe 's/\n/ /g' | perl -pe 's/\t/ /g'`

csrf_token=$(echo $ab |cut -d " " -f 7)
splunkd_8000=$(echo $ab | cut -d " " -f 14)

echo "splunkweb_csrf_token=$csrf_token"
echo "splunkd_8000=$splunkd_8000"


# Once cookies ready, then fill headers for command

#headers = {
#Cookie: splunkd_8000=<splunkd_cookie>;splunkweb_csrf_token_8000=<csrf_token>,
#Content-type: application/json,
#X-Requested-With: XMLHttpRequest,
#X-Splunk-Form-Key: <csrf_token> <<< csrf this appears for POST only..

# Example:

curl -c - -k http://splunk:8000/en-US/splunkd/__raw/servicesNS/-/-/saved/searches/ -H "Cookie: cval=372560337;splunkweb_csrf_token_8000=1324774297983139238;splunkd_8000=xuqLdlcjgtNm77umvfv6WZvJnX^WbTGvi2f2XbBMhoHe3nsshq_rGa6_Rknw06XThwCvML2VLuyQhTuhJJsFyx8TRAHi7RC17Up56IkluUmQVCLj9R4uZl9OyNP9Z7qBhIr" -X GET -H "X-Splunk-Form-Key: 1324774297983139238" -H "X-Requested-With: XMLHttpRequest" -H "Content-type: application/json"

Labels (1)
Tags (1)
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...