Security

API Token authentication

Rdoggala
Loves-to-Learn Lots

Hi,

I am trying to access:

curl -k https://localhost:8089/services/auth/login -d username=admin -d password=foobar

https://localhost:8089/services/auth/login

I am getting an error. Could you please tell me which credentials I need to enter?
0 Karma

isoutamo
SplunkTrust

Hi

Use curl -ku USER:PASSWORD https://....

A good habit is to first read user:password into an env variable, like

read UP

and then use it in the command, like curl -ku $UP .....

r. Ismo

0 Karma

Rdoggala
Loves-to-Learn Lots

[Attached screenshot: Rdoggala_0-1598183417606.png]

Getting the attached error, do you have any idea?

0 Karma

isoutamo
SplunkTrust

If I saw correctly, you have “search index*_internal” when it should be “search index=_internal”.

r. Ismo

0 Karma

Rdoggala
Loves-to-Learn Lots

Sorry for asking this many questions, I am very new to Splunk.

I am getting the same error again, but at the end of the screen the below error is also appearing:

ConnectionRefusedError: [WinError 10061] No connection could be made because the target machine actively refused it

Note: I have not installed Splunk on my machine, please suggest what to do.

Thanks for your help.

0 Karma

thambisetty
Super Champion

Hi,

I have tried the below on my local machine and it's working fine.

curl -k https://localhost:8089/services/auth/login -d username=admin -d password=foobar

You mentioned you have not installed Splunk on your local machine, so how could you connect to localhost:8089? Replace localhost with the IP you are trying to connect to.

And make sure you have connectivity to the IP from the machine you are trying from, over port 8089.

You could test connectivity by using telnet:

telnet targetIP 8089

If the result says connected, that means you have connectivity.

————————————
If this helps, give a like below.
0 Karma

Rdoggala
Loves-to-Learn Lots

Thank you very much for the prompt reply.

1. Does Splunk work on 8089 host only?

2. Due to admin access, I have not installed Splunk on my machine. Are there any specifications (host, port and others) to mention if I am installing?

3. I wanted to download dashboard graphs from Splunk using a Python script, is this possible? If yes, give some ideas?

0 Karma

thambisetty
Super Champion

I think you need to understand the below first:

  1. What the common ports used in Splunk are and their purpose
  2. A little bit of network concepts.

Splunkweb is the web page where you can interact with Splunk, and it runs on port 8000 by default.

If Splunk is running on your local machine, you could connect to Splunk web using the URL http://localhost:8000 or http://127.0.0.1:8000, and you could connect to Splunk web using the URL https://localhost:8000 or https://127.0.0.1 if SSL is enabled in Splunk web.conf.

Splunk has a management port, i.e. 8089, and this is mainly used for managing Splunk using REST API calls.

To access Splunk from another machine (not locally), to connect to Splunkweb the URL should be http://ip:8000, or https://ip:8000 if SSL is enabled and your Splunk is not set up with a custom port.

Since you are talking about connecting to Splunk using the REST API, the default management port is 8089.

First, check the connectivity from the box you are trying from to where Splunk is installed, over port 8089, using telnet as I mentioned before.

Coming to your second question, that you can download a dashboard from Splunk: I don't think you can download a dashboard, but I am sure you can run searches and fetch results.

Follow the link below.

https://docs.splunk.com/Documentation/Splunk/8.0.5/Search/ExportdatausingRESTAPI

————————————
If this helps, give a like below.
0 Karma

Rdoggala
Loves-to-Learn Lots

@thambisetty really informative details

I don't have Splunk on my machine; I have registered for Splunk Cloud and have been using it for 2 days.

1. Tested three hosts, 8000, 8089 and 8080; all connections failed.

2. I don't have any data in Splunk Cloud, could you please tell me how I can get it?

[Attached screenshot: Rdoggala_0-1598192651566.png]

3. As you said, we can export results from a Splunk dashboard; may I know in which format we get the result?

4. Can we export a dashboard to PPT?
0 Karma

thambisetty
Super Champion

The page you have shared is from Splunkweb only.

If you are using a corporate laptop, there could be connectivity issues, since you are trying to connect to an unknown host and port.
————————————
If this helps, give a like below.
0 Karma

thambisetty
Super Champion

curl -k https://localhost:8089/services/auth/login --data-urlencode username=admin --data-urlencode password=pass

https://docs.splunk.com/Documentation/Splunk/8.0.5/RESTUM/RESTusing#Authentication

————————————
If this helps, give a like below.
0 Karma
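
The steps discussed in this thread, gathered into one Python sketch as an added example (not code from any poster): the port 8089 reachability check, the login POST, and extraction of the session key for later REST calls. The function names, the `cafile` parameter and the sample response bodies are assumptions made for illustration; unlike `curl -k`, it leaves TLS certificate verification on and prompts for the password instead of taking it on the command line.

```python
import getpass
import socket
import ssl
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

MGMT_PORT = 8089  # default management port named in the thread
# Constructed sample bodies (not captured from a real server).
SAMPLE_OK = "<response>\n  <sessionKey>CONSTRUCTED-KEY-123</sessionKey>\n</response>"
SAMPLE_FAIL = '<response><messages><msg type="WARN">Login failed</msg></messages></response>'

def port_reachable(host, port=MGMT_PORT, timeout=3.0):
    """Same check as `telnet host 8089`: True only if the TCP connect succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # ConnectionRefusedError (WinError 10061), timeouts, DNS errors
        return False

def parse_session_key(body):
    """Return the <sessionKey> text from a login response, or raise ValueError."""
    root = ET.fromstring(body)
    key = root.findtext("sessionKey")
    if not key:
        msgs = "; ".join(m.text or "" for m in root.iter("msg"))
        raise ValueError("login failed: " + (msgs or "no sessionKey in response"))
    return key

def auth_header(session_key):
    return {"Authorization": "Splunk " + session_key}  # sent on later REST calls

def login(host, username, password, cafile=None, port=MGMT_PORT):
    """POST to /services/auth/login with certificate verification left on."""
    if not port_reachable(host, port):
        raise ConnectionError("cannot reach %s:%d" % (host, port))
    ctx = ssl.create_default_context(cafile=cafile)  # unlike curl -k, verifies TLS
    form = urllib.parse.urlencode({"username": username, "password": password})
    url = "https://%s:%d/services/auth/login" % (host, port)
    try:
        with urllib.request.urlopen(url, form.encode(), timeout=10, context=ctx) as r:
            return parse_session_key(r.read())
    except urllib.error.HTTPError as e:  # e.g. 401 with an XML error body
        return parse_session_key(e.read())

if __name__ == "__main__":
    host = input("Splunk host: ")  # hypothetical target; prompts avoid shell history
    key = login(host, input("User: "), getpass.getpass("Password: "))
    print("session key obtained, length", len(key))
```

For a server using a self-signed certificate, pass its CA certificate file as `cafile` rather than disabling verification.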