Getting Data In

Why does REST API access work via a web browser, but not via CURL?

thisissplunk
Builder

I'm accessing my forwarder's REST API endpoints like so in a web browser and it works:

https://10.10.10.10:8089/services/configs/inputs

When I try to do the same via curl:

curl -k -u 'my.splunk.username' https://10.10.10.10:8089/services/configs/inputs

I get "Unauthorized" instead:

Enter host password for user 'my.splunk.username':
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <messages>
    <msg type="ERROR">Unauthorized</msg>
  </messages>
</response>

Is there something else I need to enable on my forwarder to allow these calls?

1 Solution

thisissplunk
Builder

Sadly, the issue was that the CLI way of adding a user really messes up on a LOT of special characters. I had to reset my password without them.

View solution in original post

0 Karma

thisissplunk
Builder

Sadly, the issue was that the CLI way of adding a user really messes up on a LOT of special characters. I had to reset my password without them.

0 Karma

sunilpanda023
Path Finder

if you providing -u argument you need to provide authentication 'username:password'

curl -k -u 'username:password' https://10.10.10.10:8089/services/configs/inputs

One more thing, I see here is the network IP you are using, it could be sitting inside same private network but in different VPC.
Try adding the hostname to no_proxy variable and then do a CURL, adding the host will allow the request not enter through Internet Gateway but will treat the other host VPC in same private network.

Add your host to no_proxy env variable

bash$ env | grep no_proxy
bash$ export no_proxy=$no_proxy,10.10.10.10

then try

bash$ curl -k -u 'username:password' 'https://10.10.10.10:8089/services/configs/inputs'

or

bash$ curl https://10.10.10.10:8089/services/configs/inputs

MuS
SplunkTrust
SplunkTrust

are you connecting from the same remote machine in both examples, or is one (the browser) local on the server that has the forwarder and curl is done remotely? Also, are you doing both calls with 'my.splunk.username'?

thisissplunk
Builder

I'm connecting from the same machine (my laptop) and using the same credentials. My account has the admin role. Do I need to give it more roles possibly?

0 Karma

somesoni2
SplunkTrust
SplunkTrust

Are you providing both user name and password in the curl command, the same user name ans password that you'll use in browser?

curl -k -u username:password https://10.10.10.10:8089/services/configs/inputs
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...