Dashboards & Visualizations

How can I disable authentication for a collection of KVstore

adri9valle
New Member

Hi,

I need that a python script can make a request to a specific collection of the KVstore. The problem is that the python script cannot generate the token to authenticate against the KVstore.

I'm looking for a solution, I'm thinking in disable the authentication only for this collection or generates a token that never expires to use in every request. If is it possible how can I do this?

I don't know if there're more possibilities.

Thanks,

Regards,

0 Karma

woodcock
Esteemed Legend

Almost anything that you can do with a KV Store, you can do through SPL in a search. You can run a Splunk search remotely through various means but most people don't know that you can run a Splunk search directly on the search head like this (security vulnerability acknowledged):

$SPLUNK_HOME/bin/splunk search "Your SPL to do KV Store stuff here" -auth <user>:<PW>
0 Karma

MoniM
Communicator

Hi @adri9valle ,
It is not possible to disable the authentication as KVstore requires it. To generate the authentication token you need to configure commands.conf file and enable the fields of enableheader and passauth to true.
please go through the below link for more details:-
https://answers.splunk.com/answers/481239/is-there-a-way-to-get-anonymous-access-to-splunks.html

hope it helps!!
Thanks

0 Karma

adri9valle
New Member

Hi @MoniM ,

The problem is that I'm trying to create a new data input script to execute each hour, this script needs access to the KVstore but I don't know how can authenticate against the KVstore from a python script.

How can I get the credentials to make the request from the script automatically?

Thanks!

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...