All Apps and Add-ons

Web Tools Add on (TA-webtools) curl command throws an error on version 1.2.3

gjanders
SplunkTrust
SplunkTrust

After running:
| curl method=post uri=https://localhost:8089/ splunkauth=true

I'm receiving an error, a check of the python.log shows me:

 2019-04-05 03:17:21,946 +0000 ERROR     curl:287 - bad operand type for unary +: 'str'. Traceback: Traceback (most recent call last):
 File "/opt/splunk/etc/apps/TA-webtools/bin/curl.py", line 123, in execute
   + "\texample: curl method=get verifyssl=true uri=https://localhost:8089 " \
TypeError: bad operand type for unary +: 'str'

I found line 86 was an issue, along with line 58, I added the if headers == None line as the below to force the headers to not be None

 86             if headers == None:
 87                 headers = {}
 88             headers["Authorization"] =  'Splunk %s' % sessionKey

if they were not set, otherwise the curl command just doesn't work!

Otherwise great application, thanks for creating it!

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
Tags (1)
1 Solution

jkat54
SplunkTrust
SplunkTrust

Thanks for posting the solution @gjanders!

I got a little ahead of myself on the last release and didnt test the non-splunk auth methods of the curl SPL command.

Version 1.2.3 works fine if you use splunkauth because that fork in the code doesnt have the bug. The solution for now is to edit /bin/curl.py and add headers={} before the authorization header is added headers["Authorization"] = 'Splunk %s' % sessionKey as shown below:

headers={}
headers["Authorization"] =  'Splunk %s' % sessionKey

Be mindful of your indentation if you decide to patch curl.py yourself. This bug appears in the definitions/functions named get(), head() post() and delete() near the top of curl.py.

I'll release a new patch soon.

View solution in original post

suser2019
Explorer

I am using this app https://splunkbase.splunk.com/app/4146
The curl command is not picking up method=POST and always returning error 405 and
{"error":{"detail":"GET method not supported for API","message":"Method not Supported"},"status":"failure"}

I used this command
| eval header="{\"Content-Type\":\"application/json\", \"Accept\":\"application/json\"}"
| curl method=post uri= user= pass= headerfield= header

Now I am not sure how to make a POST call to an external API from Splunk search. Every time it is being detected as GET.

0 Karma

gjanders
SplunkTrust
SplunkTrust

Please create a new question for this if you need help

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma

suser2019
Explorer
0 Karma

suser2019
Explorer

Testing the splunk add on for service-now app..

0 Karma

suser2019
Explorer

it is working

0 Karma

jkat54
SplunkTrust
SplunkTrust

Thanks for posting the solution @gjanders!

I got a little ahead of myself on the last release and didnt test the non-splunk auth methods of the curl SPL command.

Version 1.2.3 works fine if you use splunkauth because that fork in the code doesnt have the bug. The solution for now is to edit /bin/curl.py and add headers={} before the authorization header is added headers["Authorization"] = 'Splunk %s' % sessionKey as shown below:

headers={}
headers["Authorization"] =  'Splunk %s' % sessionKey

Be mindful of your indentation if you decide to patch curl.py yourself. This bug appears in the definitions/functions named get(), head() post() and delete() near the top of curl.py.

I'll release a new patch soon.

View solution in original post

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!