I am trying to do a search query in Splunk through an API. I found reference code at https://docs.splunk.com/Documentation/Splunk/8.0.4/RESTTUT/RESTsearches. I tried running the code in a Jupyter notebook.

But it gives a Connection refused error.

Code:

    from __future__ import print_function
    from future import standard_library
    standard_library.install_aliases()
    import urllib.request, urllib.parse, urllib.error
    import httplib2
    from xml.dom import minidom

    baseurl = 'https://localhost:8089'
    userName = 'username'
    password = 'password'

    searchQuery = '| inputcsv foo.csv | where sourcetype=access_common | head 5'

    # Authenticate with server.
    # Disable SSL cert validation. Splunk certs are self-signed.
    serverContent = httplib2.Http(disable_ssl_certificate_validation=True).request(
        baseurl + '/services/auth/login', 'POST', headers={},
        body=urllib.parse.urlencode({'username': userName, 'password': password}))[1]

    sessionKey = minidom.parseString(serverContent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue

    # Remove leading and trailing whitespace from the search
    searchQuery = searchQuery.strip()

    # If the query doesn't already start with the 'search' operator or another
    # generating command (e.g. "| inputcsv"), then prepend "search " to it.
    if not (searchQuery.startswith('search') or searchQuery.startswith("|")):
        searchQuery = 'search ' + searchQuery

    print(searchQuery)

    # Run the search.
    # Again, disable SSL cert validation.
    print(httplib2.Http(disable_ssl_certificate_validation=True).request(
        baseurl + '/services/search/jobs', 'POST',
        headers={'Authorization': 'Splunk %s' % sessionKey},
        body=urllib.parse.urlencode({'search': searchQuery}))[1])

Error:

    ConnectionRefusedError: [Errno 111] Connection refused

Any help would be highly appreciated.

1 Answer

ConnectionRefusedError: [Errno 111] Connection refused is thrown when your script cannot create a TCP connection to the server. Can you confirm using telnet that the server is running and is allowing connections on port 8089? This doesn't look like an HTTP or permission issue; the error is for something lower in the stack.
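
The telnet check suggested in the answer can also be run from the notebook itself, so the probe originates from the same machine as the failing script. This is an added example, not code from the question, the answer, or the Splunk documentation; `probe_tcp`, `diagnose` and `HINTS` are hypothetical names, and only the host and port come from the question's `baseurl`.

```python
import errno
import socket

# Hypothetical helper (not from the post): what each outcome usually points to.
HINTS = {
    "open": "a service is listening; look at TLS or authentication next",
    "refused": "host answered but nothing is listening on that port",
    "timeout": "no reply; packets are likely dropped by a firewall or route",
    "dns_failure": "the host name does not resolve from this machine",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP connect and classify the outcome, as telnet would show it."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    result = "error:no_address"
    # A name such as localhost can resolve to both ::1 and 127.0.0.1; try each.
    for family, socktype, proto, _canon, addr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(addr)
                return "open"
            except ConnectionRefusedError:
                result = "refused"      # errno 111 on Linux, as in the question
            except socket.timeout:
                result = "timeout"
            except OSError as exc:
                result = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return result

def diagnose(host, port, timeout=3.0):
    """Return a one-line report for the endpoint the script is about to call."""
    outcome = probe_tcp(host, port, timeout)
    hint = HINTS.get(outcome, "unexpected socket error")
    return "%s:%d -> %s (%s)" % (host, port, outcome, hint)

if __name__ == "__main__":
    # Same host and port as baseurl in the question. Run this from the same
    # environment as the notebook kernel, since localhost means that machine.
    print(diagnose("localhost", 8089))
```

A result of `refused` matches the error in the question and means the TCP handshake was rejected before any TLS or HTTP exchange took place.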
