Splunk Search

Using curl command from TA-Webtools

jpvalenc
Path Finder

So I've been trying to use TA-Webtools app to get data from a Sharepoint site after some googling.

As a test, I’ve tried the example in the page: “| curl method=get ssl=true uri=localhost:8089/services/admin user=admin pass=changeme | table curl*”

But I’m not getting a result. I’m guessing that’s just a template and not an actual command but I’ve also tried with actual data: “| curl method=get ssl=true uri=”//_api/ProjectData/” user=”domain\user” pass=”password” | table curl*”

And I’m still not getting a result.

If it’s not too much to ask, would anyone happen to have a sample command from a public opensource website that will return results so that maybe I can reverse engineer it for my need?

Thank you so much for taking the time to read this and hope that someone out there can help.

Tags (1)
1 Solution

jkat54
SplunkTrust
SplunkTrust

The current work around in version 0.03 of the app is to use a generating command prior to curl.

|makeresults count=1 | curl ...

I updated the details page of the app to reflect this but I'm also working to release v.0.04 soon which will fix this bug.

View solution in original post

jkat54
SplunkTrust
SplunkTrust

The current work around in version 0.03 of the app is to use a generating command prior to curl.

|makeresults count=1 | curl ...

I updated the details page of the app to reflect this but I'm also working to release v.0.04 soon which will fix this bug.

jkat54
SplunkTrust
SplunkTrust

v 0.04 has been released to address this bug.

0 Karma

jpvalenc
Path Finder

I've updated and the curl command returns result now. Thank you. Just a question, does this support
NTLM authentication? I'm inputting my username/password but I'm only getting a '401 Unauthorized' in return.

0 Karma

jkat54
SplunkTrust
SplunkTrust

No it does not support NTLM currently.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Often you can use username:password@apiserver.somedomain.com. To authenticate, it's possible that would work with this curl command and ntlm

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...