Session Key Authentication fails sometimes

Sravan2 · ‎01-02-2025

Apologies if this is in the wrong place.

Im using the Splunk REST API to connect and run search requests through a Python script. I sadly don't have access to the SDK so I have to use the REST API. The issue I'm running into is that after the initial authentication and login, I get back the session key to use for subsequent API calls. The subsequent API calls have a chance to run into a 401 error more often than not, and my current working solution is to use a while loop to keep sending the information until it works. The code looks like below. I set a delay an API call happens every few seconds, but I can't figure out why it will usually fail, but then randomly choose to work.

done = False
while not done:
    r = requests.post(host + '/services/search/jobs/', headers={'Authorization':'Splunk %s' %Session_key}, data={'Search':query}, verify=False)
    if r.status+code ==201:
        done = True

marnall · ‎01-02-2025

Is there any reason why you aren't creating a token from the interface under Settings->Users and Authentication->Tokens, and then using it to call the API? That would be much more reliable than using a single session key.

Session Key Authentication fails sometimes

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Session Key Authentication fails sometimes

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem