Solved: Web Tools Add on (TA-webtools) curl command throws...

gjanders · ‎04-07-2019

After running:
| curl method=post uri=https://localhost:8089/ splunkauth=true

I'm receiving an error, a check of the python.log shows me:

 2019-04-05 03:17:21,946 +0000 ERROR     curl:287 - bad operand type for unary +: 'str'. Traceback: Traceback (most recent call last):
 File "/opt/splunk/etc/apps/TA-webtools/bin/curl.py", line 123, in execute
   + "\texample: curl method=get verifyssl=true uri=https://localhost:8089 " \
TypeError: bad operand type for unary +: 'str'

I found line 86 was an issue, along with line 58, I added the if headers == None line as the below to force the headers to not be None

 86             if headers == None:
 87                 headers = {}
 88             headers["Authorization"] =  'Splunk %s' % sessionKey

if they were not set, otherwise the curl command just doesn't work!

Otherwise great application, thanks for creating it!

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

jkat54 · ‎04-11-2019

Thanks for posting the solution @gjanders!

I got a little ahead of myself on the last release and didnt test the non-splunk auth methods of the curl SPL command.

Version 1.2.3 works fine if you use splunkauth because that fork in the code doesnt have the bug. The solution for now is to edit /bin/curl.py and add headers={} before the authorization header is added headers["Authorization"] = 'Splunk %s' % sessionKey as shown below:

headers={}
headers["Authorization"] =  'Splunk %s' % sessionKey

Be mindful of your indentation if you decide to patch curl.py yourself. This bug appears in the definitions/functions named get(), head() post() and delete() near the top of curl.py.

I'll release a new patch soon.

View solution in original post

suser2019 · ‎06-11-2019

I am using this app https://splunkbase.splunk.com/app/4146
The curl command is not picking up method=POST and always returning error 405 and
{"error":{"detail":"GET method not supported for API","message":"Method not Supported"},"status":"failure"}

I used this command
| eval header="{\"Content-Type\":\"application/json\", \"Accept\":\"application/json\"}"
| curl method=post uri= user= pass= headerfield= header

Now I am not sure how to make a POST call to an external API from Splunk search. Every time it is being detected as GET.

gjanders · ‎06-11-2019

Please create a new question for this if you need help

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

suser2019 · ‎06-11-2019

thank you. I created one https://answers.splunk.com/answers/751835/index.html

suser2019 · ‎07-09-2019

Testing the splunk add on for service-now app..

suser2019 · ‎07-16-2019

it is working

jkat54 · ‎04-11-2019

Thanks for posting the solution @gjanders!

I got a little ahead of myself on the last release and didnt test the non-splunk auth methods of the curl SPL command.

Version 1.2.3 works fine if you use splunkauth because that fork in the code doesnt have the bug. The solution for now is to edit /bin/curl.py and add headers={} before the authorization header is added headers["Authorization"] = 'Splunk %s' % sessionKey as shown below:

headers={}
headers["Authorization"] =  'Splunk %s' % sessionKey

Be mindful of your indentation if you decide to patch curl.py yourself. This bug appears in the definitions/functions named get(), head() post() and delete() near the top of curl.py.

I'll release a new patch soon.

Web Tools Add on (TA-webtools) curl command throws an error on version 1.2.3

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...