Splunk Search

Session Key Authentication fails sometimes

Sravan2
New Member

Apologies if this is in the wrong place. 

Im using the Splunk REST API to connect and run search requests through a Python script. I sadly don't have access to the SDK so I have to use the REST API. The issue I'm running into is that after the initial authentication and login, I get back the session key to use for subsequent API calls. The subsequent API calls have a chance to run into a 401 error more often than not, and my current working solution is to use a while loop to keep sending the information until it works. The code looks like below. I set a delay an API call happens every few seconds, but I can't figure out why it will usually fail, but then randomly choose to work. 

 

 

done = False
while not done:
    r = requests.post(host + '/services/search/jobs/', headers={'Authorization':'Splunk %s' %Session_key}, data={'Search':query}, verify=False)
    if r.status+code ==201:
        done = True

 

 

0 Karma

marnall
Motivator

Is there any reason why you aren't creating a token from the interface under Settings->Users and Authentication->Tokens, and then using it to call the API? That would be much more reliable than using a single session key.

0 Karma
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.

Can’t make it to .conf25? Join us online!

Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...