Hi.
I am trying to submit events, from a scripted input, with user 'nobody'
I am getting this error:
HTTP 403 Forbidden -- insufficient permission to access this resource
In order to submit my events I did the following:
Set tup my script in inputs.conf like this
[script://$SPLUNK_HOME/etc/apps/my_app/bin/my_script.py]
disabled = false
index = my_index
interval = * * * * *
sourcetype = generic_single_line
passAuth = nobody
As explained in the documentation, http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf
I am getting an auth token for my script.
passAuth = <username>
* User to run the script as.
* If you provide a username, the instance generates an auth token for that
user and passes it to the script via stdin.
I am using the generated auth_token on my script like this.
service = client.Service(token=auth_token, app='my_app')
index = service.indexes["my_index"]
index.submit("Test", sourcetype="my_sourcetype", host="my_host", source="my_source")
I also tried:
kwargs = {"owner":"nobody","app":"my_app","token":auth_token}
service = client.connect(**kwargs)
index = service.indexes["my_index"]
index.submit("Test", sourcetype="my_sourcetype", host="my_host", source="my_source")
None of them work, as soon as it reaches the line: index.submit(), it throws the HTTP 403 Forbidden error.
If I change the 'nobody' user to any other user, even a user with USER role, it works well. But I am required to make my script work with the 'nobody' one.
Any ideas on what I'm doing wrong ?
... View more