• Overview
  • Introduction and overview
    • Components
    • Appearance
    • REST API
    • Applications
    • Help
• Architecture
  • Components
    • Processes
    • Configuration files
• Splunk Web appearance
  • How Splunk Uses Skins
    • Skins css Files
    • Images/skins directory
  • Add or remove themes
    • Create a new skin
    • Example
  • Dashboard customization
    • Configuration
    • List modules
    • Add search modules
    • Add html modules
    • Link dashboard to user
• REST API
  • Splunk's REST API
    • Using REST Methods
    • Splunk REST endpoint mappings
    • HTTP ports Splunk uses
    • Examples
  • Get started
    • Send a request
    • Get a response
  • Output formats via XML
    • Example Generic Response
    • Example Generic Response with Messaging
    • Generic Response with Messaging (via error codes)
    • Example Atom Feed Response
    • Example Atom Feed with Messaging
    • Example Atom Entry Response
  • SDKs
    • Python SDK
  • Create a custom endpoint
    • Make a custom application directory
    • Write a handler script
    • Configure restmap.conf
    • Restrict endpoint access
    • Add supporting configuration files
• Auth
  • Authentication Endpoint
    • Login
  • Authentication examples
    • Command Line
    • Python SDK
    • Other Python example
• Properties
  • Properties Endpoint
    • Properties
    • $FILE_NAME
    • $STANZA_NAME
    • $KEY_NAME
    • PropertiesNS
  • Configuration file access with Python
    • Configuration
    • Example
• Search
  • Search Overview
    • Handling Search Results
    • Result Formats
  • Search Endpoint
    • Jobs
    • Search ID
    • Events
    • Results
    • Timeline
    • Summary
    • Control
  • Search with the Python SDK
    • Create a search
    • Work with search results
    • Examples
  • Custom search scripts
    • Configuration files
    • Working with results
    • Authenticate
    • Example
• Saved
  • Saved Endpoint
    • Searches
    • $SAVED_SEARCH_NAME
• Streams
  • Streams Endpoint
    • Search
    • Livetail
• Applications
  • Developer applications overview
  • Applications Endpoint
    • Local
    • $APP_NAME
    • Remote Entries
    • Remote $APP_NAME
    • Category Path
    • Remote Login
• SplunkBase
  • SplunkBase API
    • Apps
    • Types
    • Category Path
    • Entries
    • App Name
• Legacy
  • Legacy methods
    • $LEGACY_METHOD_NAME

Authentication examples

This page includes examples for authenticating against the /services/auth/ endpoint.

Command Line

Following is an example using the wget command and HTTP digest to authenticate and request a token.

wget -O - -q --no-check-certificate --post-data="username=admin&password=changeme" https://localhost:8089/services/auth/login/

Pass wget POST data by using the --post-data= option, which takes a user defined string. The quotes are necessary to avoid passing the & character to the shell's command parser.

Run this from the command line to get an XML response containing your sessionKey:

wget -O - -q --no-check-certificate --post-data="username=admin&password=changeme" https://localhost:8089/services/auth/login/

<response>
<sessionKey>a64fd1c2a24a31285b7add21ee6c9105</sessionKey>
</response>

Extract the token completely from the XML and stick it in a file:

wget -O - -q --no-check-certificate --post-data="username=admin&password=changeme" https://localhost:8089/services/auth/login/ |egrep -o '[a-z0-9]{32}' > splunk_token.txt

cat splunk_token.txt
fe692f8c759027af4664b02912ec333f

Python SDK

Use the Python SDK to authenticate against your Splunk server.

• First, import the necessary Splunk modules:

import splunk.auth as au
import splunk.search as se

• Next, set your key variable to the session key:

key = au.getSessionKey('admin','changeme')

This example uses the default admin/changeme login. Update this for your instance. The getSessionKey method automatically caches the session key in the current interactive session, so you don't have to pass it along to subsequent methods. In a production implementation, or if you are connecting to multiple servers, you'll need to keep track of separate session keys.

If you have installed Splunk with the default settings, then your hostpath is https://localhost:8089. The client library knows this default, so you can authenticate directly by providing a username and password. If your server is on a different hostname or port, then you need to first update the session defaults:

splunk.mergeHostPath('splunk_hostname:12000', True)
key = au.getSessionKey('admin','changeme')

The mergeHostPath method takes host information in many different forms:

• hostname
• hostname:port
• https://hostname
• http://hostname:port

Other Python example

This example uses Python and the httplib2 library. You may need to install it for your particular Python instance.

from httplib2 import Http 
from urllib import urlencode
import xml.dom.minidom as xml

#
# set variables
#
endpoint = 'https://localhost:8089'
authMethod = endpoint + '/services/auth/login/'
authData = {'username': "admin", 'password': "changeme"}

h = Http()
resp, content = h.request(authMethod, "POST", urlencode(authData))

xmlDoc = xml.parseString(content)

tokenElements = xmlDoc.getElementsByTagName('sessionKey')

if not tokenElements:
        print 'No session key found!'
        tokenElements = xmlDoc.getElementsByTagName('msg')
        print 'Reason=%s' % tokenElements[0].firstChild.nodeValue
else:
        sessionKey = tokenElements[0].firstChild.nodeValue
        print 'sessionKey=%s' % sessionKey

Save this as something like first_post.py and then run it:

python first_post.py 
sessionKey=f7242c757db3f85e4a068af7727cf462 

If the server authentication fails you'll get something that looks like this:

python first_post.py 
No session key found!
Reason=Login failed