Splunk Enterprise

Why does Login work in curl but not REST API?

MattP66
New Member

I'm using Splunk Enterprise version 8.2.7. I'm trying to get a session key, then run a search through the REST API.

Requesting the login through curl works:
C:\Users\A0493110>curl -k https://lflvsplunksh01:8089/services/auth/login --data-urlencode username=a0493110 --data-urlencode password=mypassword
<response>
<sessionKey>7AH24BVGEB^64CzSgJrZWyI4kMAASmOMC395npKhZEwxG0g3Leh6Kpm5uxRTLWoSz07gTgbPqqlcHCJAomHMIRniHO1FgY2kimJBYYirzq1WJZQm</sessionKey>
<messages>
<msg code=""></msg>
</messages>
</response>

But when requesting the login using Insomnia (a REST API endpoint tester), the login fails. I am sending the login credentials in JSON as described in the Splunk tutorial.

<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="WARN">Login failed</msg>
</messages>
</response>

* Preparing request to https://lflvsplunksh01:8089/services/auth/login
* Current time is 2023-08-08T22:23:10.266Z
* Enable automatic URL encoding
* Using default HTTP version
* Disable SSL validation
* Uses proxy env variable no_proxy == 'localhost,127.0.0.1,.micron.com,addmmsi'
* Too old connection (18958 seconds), disconnect it
* Connection 7 seems to be dead!
* Closing connection 7
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.2 (OUT), TLS alert, decode error (562):
* Hostname in DNS cache was stale, zapped
* Trying 10.192.88.222:8089...
* Connected to lflvsplunksh01 (10.192.88.222) port 8089 (#8)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=SplunkServerDefaultCert; O=SplunkUser
* start date: Apr 19 22:58:51 2023 GMT
* expire date: Apr 18 22:58:51 2026 GMT
* issuer: C=US; ST=CA; L=San Francisco; O=Splunk; CN=SplunkCommonCA; emailAddress=support@splunk.com
* SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):

> POST /services/auth/login HTTP/1.1
> Host: lflvsplunksh01:8089
> User-Agent: insomnia/2023.4.0
> Content-Type: application/json
> Accept: */*
> Content-Length: 52

| {
| "username": "a0493110",
| "password": "mypassword"
| }

* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse

< HTTP/1.1 400 Bad Request
< Date: Tue, 08 Aug 2023 22:23:10 GMT
< Expires: Thu, 26 Oct 1978 00:00:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, max-age=0
< Content-Type: text/xml; charset=UTF-8
< X-Content-Type-Options: nosniff
< Content-Length: 129
< Connection: Keep-Alive
< X-Frame-Options: SAMEORIGIN
< Server: Splunkd


* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Received 129 B chunk
* Connection #8 to host lflvsplunksh01 left intact


Any help would be greatly appreciated. I want to get it working first in Insomnia, then in a .NET client I am writing.

0 Karma
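
The two requests in the post differ in body encoding: curl's `--data-urlencode` sends form fields, while the Insomnia trace shows `Content-Type: application/json`. The following is an added example, not part of the original post and not Splunk's code. It builds the form-encoded login request, shows that a form-parameter parser finds no `username` in the JSON body (consistent with the 400 response in the trace), and parses both response shapes. The host name, sample session key and helper names are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode
from urllib.request import Request

FORM = "application/x-www-form-urlencoded"


def build_login_request(base_url, username, password):
    """Build the POST that `curl --data-urlencode` sends: form fields, not JSON."""
    body = urlencode({"username": username, "password": password}).encode()
    return Request(f"{base_url}/services/auth/login", data=body,
                   headers={"Content-Type": FORM}, method="POST")


def form_field(raw_body, name):
    """Value a form-parameter parser recovers for `name`, or None if absent."""
    values = parse_qs(raw_body.decode()).get(name)
    return values[0] if values else None


def parse_login_response(xml_bytes):
    """Return the session key, or raise with the server's <msg> text."""
    root = ET.fromstring(xml_bytes)
    key = root.findtext("sessionKey")
    if key:
        return key
    msgs = [m.text for m in root.iter("msg") if m.text]
    raise PermissionError("; ".join(msgs) or "no sessionKey in response")


def auth_header(session_key):
    """Header carried on later REST calls, such as creating a search job."""
    return {"Authorization": f"Splunk {session_key}"}


# Constructed samples shaped like the request body and responses in the post.
JSON_BODY = json.dumps({"username": "a0493110", "password": "mypassword"}).encode()
OK_XML = (b"<response><sessionKey>CONSTRUCTED-SESSION-KEY</sessionKey>"
          b'<messages><msg code=""></msg></messages></response>')
FAIL_XML = (b'<?xml version="1.0" encoding="UTF-8"?><response><messages>'
            b'<msg type="WARN">Login failed</msg></messages></response>')

if __name__ == "__main__":
    req = build_login_request("https://splunk.example:8089", "a0493110", "mypassword")
    print(req.get_header("Content-type"), req.data)
    print("username seen in JSON body:", form_field(JSON_BODY, "username"))
    print(auth_header(parse_login_response(OK_XML)))
```

In Insomnia the equivalent is choosing the "Form URL Encoded" body type instead of JSON; the returned key then goes in an `Authorization: Splunk <sessionKey>` header on the search request.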