Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Rest API - Returning 401 Unauthorized

scriv
Explorer
‎07-27-2017 06:09 AM

I'm getting a 401 Unauthorized error no matter what I try, when trying to access the REST API. I've tried with curl and via regular web browser, same error. I tried using the admin account, I tried creating a new account and a new role which has the following REST capabilities:
rest_apps_management
rest_apps_view
rest_properties_get
rest_properties_set

This new account's username and password is standard, no special characters.

curl -u restapi:password -k https://testserver:8089/services/search/jobs -d search="search *"

But I've also tried assigning the admin role and all the other capabilities. Nothing works. I get this error everytime. Is there something else that I need to set in Splunk? This is driving me bananas at this stage. We have a fully licencse on-side Splunk instance, but I am using the unlicensed latest version in a test environment.

Thanks for any help
Sean

Tags (1)
0 Karma
Reply

Subarna
Explorer
‎11-26-2022 05:45 AM

Hi Team

  I am getting the below error while trying to access  splunk Rest API . . I am trying to login using the username and password.  Is there any other access required to successfully Login .Please help on the same.

Below is the code snippet

 

Map<String,Object> connectionArgs=new HashMap<String,Object>();
connectionArgs.put("host", "myHost");

connectionArgs.put("username", "myUsename");
connectionArgs.put("password", "myPassword");
connectionArgs.put("port",8089);
connectionArgs.put("scheme","https");

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);

Service service=Service.connect(connectionArgs);

 

Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Login failed
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:452)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-17-2017 03:48 PM

This shows something is already listening on port 8089 so Splunk probably asked on startup if you'd like to use another port and chose the next available 8090.

Do you have a Splunk universal forwarder installed too?

Reply

scriv
Explorer
‎08-18-2017 06:24 AM

Nope, no universal forwarder in this dev environment - the fact that it is working now is that main thing, but thanks for all your help!

0 Karma
Reply

scriv
Explorer
‎08-14-2017 11:52 AM

Not sure why, but the solution to this problem was to change the port to 8090!!

curl -u restapi:password -k https://testserver:8090/services/search/jobs -d search="search *"

Why would this be?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-14-2017 12:37 PM

I guess you've changed the SplunkD port somehow.

0 Karma
Reply

scriv
Explorer
‎08-14-2017 03:25 PM

I don't believe I did. I had no reason to at all.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-14-2017 04:25 PM

Can you post the output of this?

netstat -an | grep 808
0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-14-2017 04:26 PM

Also this

ps -ef | grep 808
0 Karma
Reply

scriv
Explorer
‎08-15-2017 08:43 AM

I have it installed on Windows Server 2012. What would the command be on that? The guy who found the solution to change the port in the command might have also changed the port in the server settings, so I'm asking and will let you know. Either way, there was still a problem with 8089

0 Karma
Reply

scriv
Explorer
‎08-15-2017 08:54 AM

It was just the port in the command that was changed to 8090 - nothing on the server was changed

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-15-2017 02:57 PM

netstat -an | findstr :808

Please

0 Karma
Reply

scriv
Explorer
‎08-16-2017 04:47 AM

netstat -an | findstr :808
TCP 0.0.0.0:8088 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8089 0.0.0.0:0 LISTENING

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎03-07-2018 09:59 AM

ok so maybe in iptables you route port 8090 to 8089?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎07-27-2017 11:49 AM

They also need the rest "tok" capabilities AND you must change the default admin password from changeme to something else.

0 Karma
Reply

scriv
Explorer
‎07-28-2017 04:42 AM

Thanks jkcat. The only capability that I could find with the word "tok" in it was "request_remote_tok", and enabling that didn't make a difference. Am I missing something? Also I changed the password from default, that didn't make a difference, either. Still getting the same 401 Unauthorized error

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-02-2017 08:44 AM

Is there a proxy server configured on your host you're testing from?

Are you using splunk free or splunk lite?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-15-2017 02:58 PM

Please provide the output of this ran from a command prompt:

netstat -an | findstr :808

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...