Re: Why am I not getting sessionKey while using cu...

pjvarjani · ‎10-30-2014

I am having two apps, Main app and Add-On app.

Add-On app contains one data collector script which works as splunk data input script and feeds data to splunk.

This data collector script is being executed at regular intervals and each time it gets sessionkey from splunk and uses it to fetch the encrypted credentials.

I have also added Custom search command in main app, there is one wrapper script for custom search command in main app, which will collect command and options and pass it to the data collector script of Add-On app.

But, whenever data collector script is being called by this wrapper, it is not able to get the sessionKey from splunk.

Below are the contents of commands.conf for custom search command.

[customCollect]

filename = customCollect.py

supports_getinfo=true

generating=true

supports_rawargs = true

outputheader = true

enableheader = true

passauth = true

streaming = false

retainsevents = true

changes_colorder = true

overrides_timeorder = false

In data collector script, I have tried below given two approaches to get sessionkey but none of them is working.

1) results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

   sessionKey = settings.get("sessionKey", None)

2) sessionKey = sys.stdin.readline().strip()

BernardEAI · ‎11-16-2020

Did you ever manage to get a solution to this? I can also get the sessionKey with

auth.getSessionKey('admin','<password for admin>')

but I also don't want to hardcode the password.

tpeveler_splunk · ‎02-04-2019

See https://answers.splunk.com/answers/434017/how-to-get-session-key-in-a-search-script-script-s

I successfully implemented the approach specified in the Accepted Answer and was able to get the sessionKey when executing a custom search command.

marcolesh · ‎08-21-2018

import urllib2
import urllib
import httplib2

myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
baseurl = 'https://127.0.0.1:8089'

searchjob = self.myhttp.request(self.baseurl + '/services/search/jobs','POST', headers={'Authorization': 'Splunk %s' % self._metadata.searchinfo.session_key},body=urllib.urlencode({'search': searchquery}))[1]

Using the code above you can get logged in splunkd using token session of logged user

mkhan_splunk · ‎05-29-2018

Hi,
Did you find any solution, I am facing same issue

marcolesh · ‎08-16-2018

Hi mkhab_splunk did you find any solution. I'm facing same problem

TonyLeeVT · ‎04-06-2017

I have been able to get the sessionKey by doing this:

import splunk.auth as auth

sessionKey = auth.getSessionKey('admin','<password for admin>')

It may help in your troubleshooting, but if you have to hard code the admin credentials to get access to other credentials, what is the point... This is very frustrating because it seems that the behavior may have changed from Splunk v4 -> Splunk v6.

Why am I not getting sessionKey while using custom search command

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation