Authentication

The most up-to-date version of this page lives here

Note: The 3.2.x versions of Splunk return an error when you attempt to connect to the /services/auth/login endpoint. Other endpoints still function normally, and can be accessed with any made up auth token. This has now been fixed in the 3.3.x version of Splunk.

Splunk's server uses SSL and a token in the HTTP request headers to establish a persistent, secure connection to the REST endpoints.

Splunkd supports several different authentication methods:

• HTTP header auth
• HTTP digest auth
• URL parameters

Refer to the authentication page for more information on authenticating methods.

Command Line Examples

Following is an example using the wget command and HTTP digest to authenticate and request a token.

wget -O - -q --no-check-certificate --post-data="username=admin&password=changeme" https://localhost:8089/services/auth/login/

You pass wget POST data by using the --post-data= option, which takes a user defined string. The quotes are necessary to avoid passing the & character to the shell's command parser.

Running this from the command line should get back a XML response containing your sessionKey:

kord@foobar:~$ wget -O - -q --no-check-certificate --post-data="username=admin&password=changeme" https://localhost:8089/services/auth/login/

<response>
<sessionKey>a64fd1c2a24a31285b7add21ee6c9105</sessionKey>
</response>

kord@foobar:~$ 

Still using wget, and a wee bit of regex, you can extract the token completely from the XML and stick it in a file.

kord@foobar:~$ wget -O - -q --no-check-certificate --post-data="username=admin&password=changeme" https://localhost:8089/services/auth/login/ |egrep -o '[a-z0-9]{32}' > splunk_token.txt

kord@foobar:~$ cat splunk_token.txt
fe692f8c759027af4664b02912ec333f
kord@foobar:~$ 

Python Example

This example uses Python and the httplib2 library. You may need to install it for your particular Python instance.

from httplib2 import Http 
from urllib import urlencode
import xml.dom.minidom as xml

#
# set variables
#
endpoint = 'https://localhost:8089'
authMethod = endpoint + '/services/auth/login/'
authData = {'username': "admin", 'password': "changeme"}

h = Http()
resp, content = h.request(authMethod, "POST", urlencode(authData))

xmlDoc = xml.parseString(content)

tokenElements = xmlDoc.getElementsByTagName('sessionKey')

if not tokenElements:
        print 'No session key found!'
        tokenElements = xmlDoc.getElementsByTagName('msg')
        print 'Reason=%s' % tokenElements[0].firstChild.nodeValue
else:
        sessionKey = tokenElements[0].firstChild.nodeValue
        print 'sessionKey=%s' % sessionKey

Save this as something like first_post.py and then run it:

[kord@tiny examples]$ python first_post.py 
sessionKey=f7242c757db3f85e4a068af7727cf462 

If the server authentication fails you'll get something that looks like this:

[kord@tiny examples]$ python first_post.py 
No session key found!
Reason=Login failed

<< Go back to Endpoints | Move on to Starting a Job >>