Splunk Search

Why am I not getting sessionKey while using custom search command

pjvarjani
Path Finder

I am having two apps, Main app and Add-On app.

Add-On app contains one data collector script which works as splunk data input script and feeds data to splunk.

This data collector script is being executed at regular intervals and each time it gets sessionkey from splunk and uses it to fetch the encrypted credentials.

I have also added Custom search command in main app, there is one wrapper script for custom search command in main app, which will collect command and options and pass it to the data collector script of Add-On app.

But, whenever data collector script is being called by this wrapper, it is not able to get the sessionKey from splunk.

Below are the contents of commands.conf for custom search command.

[customCollect]

filename = customCollect.py

supports_getinfo=true

generating=true

supports_rawargs = true

outputheader = true

enableheader = true

passauth = true

streaming = false

retainsevents = true

changes_colorder = true

overrides_timeorder = false

In data collector script, I have tried below given two approaches to get sessionkey but none of them is working.

1) results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

   sessionKey = settings.get("sessionKey", None)

2) sessionKey = sys.stdin.readline().strip()

BernardEAI
Communicator

Did you ever manage to get a solution to this? I can also get the sessionKey with 

auth.getSessionKey('admin','<password for admin>')

but I also don't want to hardcode the password. 

0 Karma

tpeveler_splunk
Splunk Employee
Splunk Employee

See https://answers.splunk.com/answers/434017/how-to-get-session-key-in-a-search-script-script-s

I successfully implemented the approach specified in the Accepted Answer and was able to get the sessionKey when executing a custom search command.

0 Karma

marcolesh
Path Finder
import urllib2
import urllib
import httplib2

myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
baseurl = 'https://127.0.0.1:8089'

searchjob = self.myhttp.request(self.baseurl + '/services/search/jobs','POST', headers={'Authorization': 'Splunk %s' % self._metadata.searchinfo.session_key},body=urllib.urlencode({'search': searchquery}))[1]

Using the code above you can get logged in splunkd using token session of logged user

0 Karma

mkhan_splunk
New Member

Hi,
Did you find any solution, I am facing same issue

0 Karma

marcolesh
Path Finder

Hi mkhab_splunk did you find any solution. I'm facing same problem

0 Karma

TonyLeeVT
Builder

I have been able to get the sessionKey by doing this:

import splunk.auth as auth

sessionKey = auth.getSessionKey('admin','<password for admin>')

It may help in your troubleshooting, but if you have to hard code the admin credentials to get access to other credentials, what is the point... This is very frustrating because it seems that the behavior may have changed from Splunk v4 -> Splunk v6.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!