Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why am I not getting sessionKey while using custom search command

pjvarjani
Path Finder
‎10-30-2014 03:48 AM

I am having two apps, Main app and Add-On app.

Add-On app contains one data collector script which works as splunk data input script and feeds data to splunk.

This data collector script is being executed at regular intervals and each time it gets sessionkey from splunk and uses it to fetch the encrypted credentials.

I have also added Custom search command in main app, there is one wrapper script for custom search command in main app, which will collect command and options and pass it to the data collector script of Add-On app.

But, whenever data collector script is being called by this wrapper, it is not able to get the sessionKey from splunk.

Below are the contents of commands.conf for custom search command.

[customCollect]

filename = customCollect.py

supports_getinfo=true

generating=true

supports_rawargs = true

outputheader = true

enableheader = true

passauth = true

streaming = false

retainsevents = true

changes_colorder = true

overrides_timeorder = false

In data collector script, I have tried below given two approaches to get sessionkey but none of them is working.

1) results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

   sessionKey = settings.get("sessionKey", None)

2) sessionKey = sys.stdin.readline().strip()

Reply

BernardEAI
Communicator
‎11-16-2020 04:46 AM

Did you ever manage to get a solution to this? I can also get the sessionKey with 

auth.getSessionKey('admin','<password for admin>')

but I also don't want to hardcode the password. 

0 Karma
Reply

tpeveler_splunk
Splunk Employee
Splunk Employee
‎02-04-2019 08:49 PM

See https://answers.splunk.com/answers/434017/how-to-get-session-key-in-a-search-script-script-s

I successfully implemented the approach specified in the Accepted Answer and was able to get the sessionKey when executing a custom search command.

0 Karma
Reply

marcolesh
Path Finder
‎08-21-2018 10:25 AM 
import urllib2
import urllib
import httplib2

myhttp = httplib2.Http(disable_ssl_certificate_validation=True)
baseurl = 'https://127.0.0.1:8089'

searchjob = self.myhttp.request(self.baseurl + '/services/search/jobs','POST', headers={'Authorization': 'Splunk %s' % self._metadata.searchinfo.session_key},body=urllib.urlencode({'search': searchquery}))[1]

Using the code above you can get logged in splunkd using token session of logged user

0 Karma
Reply

mkhan_splunk
New Member
‎05-29-2018 03:09 AM

Hi,
Did you find any solution, I am facing same issue

0 Karma
Reply

marcolesh
Path Finder
‎08-16-2018 01:15 PM

Hi mkhab_splunk did you find any solution. I'm facing same problem

0 Karma
Reply

TonyLeeVT
Builder
‎04-06-2017 04:48 PM

I have been able to get the sessionKey by doing this:

import splunk.auth as auth

sessionKey = auth.getSessionKey('admin','<password for admin>')

It may help in your troubleshooting, but if you have to hard code the admin credentials to get access to other credentials, what is the point... This is very frustrating because it seems that the behavior may have changed from Splunk v4 -> Splunk v6.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...