Splunk Search

Why am I getting the following 'call not properly authenticated' error when using Splunk SDK for JavaScript?

rumman92
New Member

Whenever I try to do a search query using Splunk SDK for JavaScript (using node), I get the following error message:

{ messages: [ { type: 'WARN', text: 'call not properly authenticated' } ] }

I checked multiple forums but none have helped.

I am able to login (always), but as soon as I call search() function, I get this error.

Here is my function call:

    splunkService.login (err, success) ->
        if err
            console.log err.data
        else
            console.log ("Login is successful")  #this always successful

            query = 'search index=a sourcetype=b application=*abc* | top 1 error'
            params = {
                earliest_time: '-15m'
                latest_time: 'now'
                exec_mode: 'normal'
            }

            searchSplunk(query, params)

    searchSplunk = (query, params) ->
        splunkService.search query, params, (err, job) ->
            if err
                console.log 'Error Encountered:'
                console.log err.data
            else
                console.log 'Job ID: ' + job.sid
                #console.log job

                job.track {period: 200},
                    done: (job) ->
                        console.log 'Done, here!'

                        job.results {}, (err, results, job) ->
                            if err
                                console.log err

                            else
                                results.fields.forEach (field) ->
                                    console.log field

                                results.rows.forEach (row) ->
                                    console.log row

                    failed: (job) ->
                        console.log 'Job failed'

                    error: (err) ->
                        console.log err.data

Please note, oneshotSearch() always works, search() works but just 2 times out of 10.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...