Hello
There are two steps involved in getting all the tokens.
If you’re using curl, follow the below steps —
(If you’re using POSTMAN or similar services the splunkd and csrf token are extracted and used automatically by the application as long as there is a active web session. The can be found in the cookies tab)
RUN curl -c - -k http://localhost:8000/en-US/account/login to collect the “cval” set-cookie value
EG:
localhost FALSE /en-US/account/ FALSE 0 cval 1850823966
localhost FALSE /en-US/account FALSE 1645485022 splunkweb_uid B0016BF4-2725-475F-9CEF-968387C83900
RUN curl -c - -k http://localhost:8000/en-US/account/login -H "Cookie: cval=1850823966" -d username= -d password= -d cval=1850823966 to retrieve the other tokens
EG:
HttpOnly_localhost FALSE / FALSE 1487808793 splunkd_8000 UDS7UqFb7Am8aHEOftYtluORlpiKom2BHf5P5H_34x2^7unZJy5xNJiNGlHNsrtoHnw6x18KKVDpCz0Qs3vgEFYFCcKsSYqpkJEtQjIsDguZNGsC4NuOXithfgjYkC
localhost FALSE / FALSE 1645485193 splunkweb_csrf_token_8000 12523149765193777622
NOTE: The splunkweb_csrf_token_8000 is the X-Splunk-Form-Key as well.
... View more