1

I can run a Splunk API call in bash and get back a SID, which I then use to get back a Splunk query. The first part of it is below. However, I am having issues when changing this to a Python request using requests. I keep getting an SSL CERTIFICATE_VERIFY_FAILED error.

Bash Command

data=$( curl -k -u username:password https://<splunk_endpoint>/services/search/jobs -d 'search=search earliest=-1m index=_internal')
echo $data

Bash Output: 1538748227.228319_D07875A9-FDD6-46E8-BE77-EDF9BD9A73B1

python requests

import json
import requests

baseurl = 'https://<splunk_endpoint>/services/search/jobs'

headers = {
    "Content-Type": "application/json",
}

data = {
    'username': 'username',
    'password': 'password',
    "search": "search earliest=-1m index=_internal",
}

r = requests.get(baseurl, data=json.dumps(data), headers=headers)
print(r.json())

I'm not exactly sure where to put the username and password. Does that belong in 'data'? In headers? Somewhere else? I also don't know if my -d conversion to the data dictionary is correct. I think it is.

Any thoughts?

2
  • Is the value of search three different parameters or is that all part of the search parameter for the api? Commented Oct 5, 2018 at 18:11
  • Also can you post the full error message? Commented Oct 5, 2018 at 18:12

2 Answers

1

The Requests library verifies SSL certificates for HTTPS requests. You are most likely using a Splunk self-signed certificate which doesn't match.

You can ignore this check by adding verify=False to the get.

r = requests.get(baseurl, data=json.dumps(data), headers=headers, verify=False)


0

I came across this question when looking for interacting with Splunk using Python's requests library. I could not figure out how to create the search payload. Here is my basic code for scheduling a job and obtaining the SID:

import requests

username = 'my_username'
password = 'my_password'
search = {'search': 'search earliest=-5m index=_internal'}

# POST the form-encoded search with HTTP Basic auth; verify= names the CA bundle
# used to validate the server certificate
r = requests.post('https://splunk-search:8089/services/search/jobs/', auth=(username, password), data=search, verify="/etc/pki/tls/cert.pem")

print(r.text)
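An added example, not part of the question or either answer: it maps the curl call's `-u` and `-d` onto requests' `auth=` and `data=`, keeps certificate verification on by pointing `verify` at a CA file, and prepares the request without sending it so the wire format can be inspected offline. The host name and CA path are placeholders, and the XML reply passed to `parse_sid` is a constructed sample that assumes the job endpoint answers with a `<sid>` element.

```python
# Added example (not from the original post). Host, credentials and CA path
# are placeholders; the XML reply used below is constructed sample data.
import xml.etree.ElementTree as ET

import requests

JOBS_URL = "https://splunk.example.internal:8089/services/search/jobs"  # placeholder


def make_session(username, password, ca_bundle):
    """Session that authenticates like `curl -u` and verifies TLS against ca_bundle."""
    s = requests.Session()
    s.auth = (username, password)  # HTTP Basic, the equivalent of curl -u
    s.verify = ca_bundle           # PEM file holding the CA that signed the server cert
    return s


def build_job_request(session, spl):
    """Prepare (but do not send) the equivalent of `curl -d 'search=...'`."""
    req = requests.Request("POST", JOBS_URL, data={"search": spl})
    return session.prepare_request(req)


def parse_sid(xml_text):
    """Extract the search id from the XML reply to a job-creation request."""
    sid = ET.fromstring(xml_text).findtext("sid")
    if not sid:
        raise ValueError("no <sid> element in response")
    return sid


def create_job(session, spl):
    """Send the request; a certificate mismatch raises requests.exceptions.SSLError."""
    prepared = build_job_request(session, spl)
    resp = session.send(prepared, verify=session.verify, timeout=30)
    resp.raise_for_status()
    return parse_sid(resp.text)


if __name__ == "__main__":
    sess = make_session("username", "password", "/path/to/splunk-ca.pem")
    prepared = build_job_request(sess, "search earliest=-1m index=_internal")
    print(prepared.method, prepared.headers["Content-Type"])
    print(prepared.body)
    print(parse_sid("<response><sid>1538748227.228319</sid></response>"))
```

Passing a dict to `data=` form-encodes it the way `curl -d` does, so no JSON body or explicit Content-Type header is needed, and the credentials travel in the Authorization header rather than in the payload.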
