Splunk Search

Why am I not getting sessionKey while using custom search command

pjvarjani
Path Finder

I have two apps: a Main app and an Add-On app.

The Add-On app contains one data collector script, which works as a Splunk data input script and feeds data to Splunk.

This data collector script is executed at regular intervals, and each time it gets the sessionKey from Splunk and uses it to fetch the encrypted credentials.

I have also added a custom search command in the Main app. There is one wrapper script for the custom search command in the Main app, which collects the command and options and passes them to the data collector script of the Add-On app.

But whenever the data collector script is called by this wrapper, it is not able to get the sessionKey from Splunk.

Below are the contents of commands.conf for the custom search command.

[customCollect]
filename = customCollect.py
supports_getinfo=true
generating=true
supports_rawargs = true
outputheader = true
enableheader = true
passauth = true
streaming = false
retainsevents = true
changes_colorder = true
overrides_timeorder = false

In the data collector script, I have tried the two approaches below to get the sessionKey, but neither of them works.

1) results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
   sessionKey = settings.get("sessionKey", None)

2) sessionKey = sys.stdin.readline().strip()

BernardEAI
Communicator

Did you ever manage to get a solution to this? I can also get the sessionKey with 

auth.getSessionKey('admin','<password for admin>')

but I also don't want to hardcode the password. 

0 Karma

tpeveler_splunk
Splunk Employee

See https://answers.splunk.com/answers/434017/how-to-get-session-key-in-a-search-script-script-s

I successfully implemented the approach specified in the Accepted Answer and was able to get the sessionKey when executing a custom search command.

0 Karma

marcolesh
Path Finder
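
import urllib
import httplib2

# This runs inside a method of a splunklib.searchcommands command class; self is the command instance.
# Certificate validation is disabled; the request goes to splunkd on the loopback interface.
myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
baseurl = 'https://127.0.0.1:8089'

# searchquery holds the search string to run; the header reuses the session key of the user running the search.
searchjob = myhttp.request(
    baseurl + '/services/search/jobs', 'POST',
    headers={'Authorization': 'Splunk %s' % self._metadata.searchinfo.session_key},
    body=urllib.urlencode({'search': searchquery}))[1]

Using the code above, you can log in to splunkd using the session token of the logged-in user.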

0 Karma

mkhan_splunk
New Member

Hi,
Did you find any solution? I am facing the same issue.

0 Karma

marcolesh
Path Finder

Hi mkhan_splunk, did you find any solution? I'm facing the same problem.

0 Karma

TonyLeeVT
Builder

I have been able to get the sessionKey by doing this:

import splunk.auth as auth

sessionKey = auth.getSessionKey('admin','<password for admin>')

It may help in your troubleshooting, but if you have to hard code the admin credentials to get access to other credentials, what is the point... This is very frustrating because it seems that the behavior may have changed from Splunk v4 -> Splunk v6.

0 Karma
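
For the setup in the question (a wrapper registered with enableheader = true and passauth = true that launches the collector separately), the example below parses the header on the wrapper's stdin and hands the sessionKey to the collector on the collector's own stdin, so no password is hard-coded and the key never appears in the process list. It is an added example, not code from any post in this thread; it assumes the legacy search-command protocol (URL-encoded key:value header lines ended by a blank line) and a collector started as a child process, and read_search_header, run_collector and the sample input are hypothetical names and constructed values.

```python
import io
import subprocess
import sys
from urllib.parse import unquote

def read_search_header(stream):
    """Parse the 'key:value' header a legacy search command receives on stdin
    (enableheader = true). Stops at the first blank line; the results follow."""
    settings, last = {}, None
    for line in iter(stream.readline, ""):
        line = line.rstrip("\r\n")
        if not line:                      # blank line ends the header
            break
        key, sep, value = line.partition(":")
        if sep:
            settings[key] = unquote(value)
            last = key
        elif last:                        # continuation of a multi-line value
            settings[last] += "\n" + unquote(line)
    return settings

def run_collector(collector_argv, session_key, timeout=60):
    """Start the collector and write the key as the first line of its stdin,
    keeping it out of argv and the environment."""
    if not session_key:
        raise ValueError("no sessionKey in header; check passauth and enableheader")
    proc = subprocess.run(collector_argv, input=session_key + "\n",
                          capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout

# Constructed sample of the wrapper's stdin; every value here is made up.
SAMPLE_STDIN = (
    "authString:%3Cauth%3E%3CuserId%3Eadmin%3C%2FuserId%3E%3C%2Fauth%3E\n"
    "sessionKey:CONSTRUCTED%5Ekey_0123\n"
    "\n"
    "host,_raw\n"
)

def demo():
    stream = io.StringIO(SAMPLE_STDIN)
    settings = read_search_header(stream)
    # Hypothetical stand-in for the collector: reads the key as in approach 2).
    child = [sys.executable, "-c",
             "import sys; k = sys.stdin.readline().strip(); print(len(k))"]
    code, out = run_collector(child, settings.get("sessionKey"))
    return settings, stream.read(), code, out.strip()

if __name__ == "__main__":
    print(demo())
```

In a real wrapper the stream would be sys.stdin, and it can only be read once: whatever consumes the header first is the only code that sees the key.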