Splunk Search

Why am I getting "Status 401 call not properly authenticated" running a search using the Splunk Java SDK 1.4.0.0?

dimitrkovalsky
Engager

Hello

I am using Splunk java sdk 1.4.0.0 when I execute this query :

String QUERY = "search \"ab_exper\" index=my_apache | rex \".+cohort%7C(?<cohort>.+)%3Bcampaign%7C(?<campaign>.+)%3Brecipe%7C(?<recipe>.+)%3Bplatform.+\" | stats count(recipe) as recipe_count by campaign, recipe";

ServiceArgs loginArgs = new ServiceArgs();
        loginArgs.setUsername(user);
        loginArgs.setPassword(password);
        loginArgs.setHost(splunkHost);
        loginArgs.setPort(port);

        Service service = Service.connect(loginArgs);
        JobArgs jobArgs = new JobArgs();
        jobArgs.setExecutionMode(JobArgs.ExecutionMode.BLOCKING);
        jobArgs.put("earliest_time", dateFormat.format(new Date(from)));
        jobArgs.put("latest_time", dateFormat.format(new Date(to)));

        Job job = service.getJobs().create(QUERY, jobArgs);
        return parseForRawEntries(job);

I receive different errors :
One of them is 401call not properly authenticated. (And I see [Fatal Error] :1:1: Premature end of file. in console)
Another - unexpected end of file from server.
Authentication is success and returns 200 status.

What could be the problem?

Thanks, Dmytro

jnicholsenernoc
Path Finder

I think that error is from when you are hitting splunk web and not splunkd. Make sure you are going against the proper hostname and especially port. Splunk web, on port 80 or 443 or 8000 isn't the same as talking to splunkd on port 8089.

http://dev.splunk.com/view/python-sdk/SP-CAAAEFC

0 Karma

dimitrkovalsky
Engager

It happens when I use earliest_time less than (current - 86400000L) (more than one day).

0 Karma

jnicholsenernoc
Path Finder

I think that error is from when you are hitting splunk web and not splunkd. Make sure you are going against the proper hostname and especially port. Splunk web, on port 80 or 443 or 8000 isn't the same as talking to splunkd on port 8089.

http://dev.splunk.com/view/python-sdk/SP-CAAAEFC

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...