# How to get cookies for simulation or accessing UI port.

#

cval=`curl -c - -k http://splunk:8000 -L -o a 2>/dev/null|grep cval|tr -s " " " " | cut -d $'\t' -f 7`

ab=`curl -c - -k http://splunk:8000/en-US/account/login -H "Cookie: cval=$cval" -d "username=MYUSER&password=MYPASSWORD&cval=$cval" -o a 2>/dev/null |egrep "csrf|splunkd_8000" |perl -pe 's/\n/ /g' | perl -pe 's/\t/ /g'`

 
csrf_token=$(echo $ab |cut -d " " -f 7)
splunkd_8000=$(echo $ab | cut -d " " -f 14)

echo "splunkweb_csrf_token=$csrf_token"
echo "splunkd_8000=$splunkd_8000"

# Once cookies ready, then fill headers for command

#headers = {
#Cookie: splunkd_8000=<splunkd_cookie>;splunkweb_csrf_token_8000=<csrf_token>,
#Content-type: application/json,
#X-Requested-With: XMLHttpRequest,
#X-Splunk-Form-Key: <csrf_token> <<< csrf this appears for POST only..
#}

# Example:

curl -c - -k http://splunk:8000/en-US/splunkd/__raw/servicesNS/-/-/saved/searches/ -H "Cookie: cval=372560337;splunkweb_csrf_token_8000=1324774297983139238;splunkd_8000=xuqLdlcjgtNm77umvfv6WZvJnX^WbTGvi2f2XbBMhoHe3nsshq_rGa6_Rknw06XThwCvML2VLuyQhTuhJJsFyx8TRAHi7RC17Up56IkluUmQVCLj9R4uZl9OyNP9Z7qBhIr" -X GET -H "X-Splunk-Form-Key: 1324774297983139238" -H "X-Requested-With: XMLHttpRequest" -H "Content-type: application/json"