I am trying to call a 3rd party API which supports Certificate and Key based authentication. I have an on-prem instance of Splunk (Version: 9.0.2) running on a VM. I have verified the API response on the VM via curl command (Command used: curl --cert <"path to .crt file"> --key <"path to .key file"> --header "Authorization: <token>" --request GET <"url">) which gives response for a normal user. However, when running the same curl command using shell in Splunk Add-on Builder's Modular Data Inputs, the command only works with "sudo" otherwise it gives Error 403. When checked with "whoami", it returns the user as root. Question 1: Why is the curl command not working without using sudo even when the user is root. Is there any configuration that I need to modify to make it work without using sudo. Question 2: How do I make the same API call using Python code in Modular Data Inputs of Splunk Add-on Builder.
... View more