Re: Session Key Authentication fails sometimes

Sravan2 · ‎01-02-2025

Apologies if this is in the wrong place.

Im using the Splunk REST API to connect and run search requests through a Python script. I sadly don't have access to the SDK so I have to use the REST API. The issue I'm running into is that after the initial authentication and login, I get back the session key to use for subsequent API calls. The subsequent API calls have a chance to run into a 401 error more often than not, and my current working solution is to use a while loop to keep sending the information until it works. The code looks like below. I set a delay an API call happens every few seconds, but I can't figure out why it will usually fail, but then randomly choose to work.

done = False
while not done:
    r = requests.post(host + '/services/search/jobs/', headers={'Authorization':'Splunk %s' %Session_key}, data={'Search':query}, verify=False)
    if r.status+code ==201:
        done = True

marnall · ‎01-02-2025

Is there any reason why you aren't creating a token from the interface under Settings->Users and Authentication->Tokens, and then using it to call the API? That would be much more reliable than using a single session key.

Session Key Authentication fails sometimes

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation