Reputation: 370
I want to send a search query to Splunk using Python 3 and the requests library and would like to receive the SID of the search job. Firstly, I am able to get the session_key with:
#!/usr/bin/env python3
import requests
from bs4 import BeautifulSoup
username = 'my_username'
password = 'my_password'
base_url = 'https://splunk-search:8089'
r = requests.get(base_url+"/servicesNS/admin/search/auth/login", data={'username':username,'password':password}, verify="/etc/pki/tls/cert.pem")
session_key = BeautifulSoup(r.text, 'lxml').find("sessionkey").text
#verify we get the session key as string
print(f"session key is {session_key} and its type is {type(session_key)}")
which makes me confident that I am authenticated. Once I have the session_key, I would like to post a search job with:
search_query = "search = search earliest=-5m index=_internal"
r = requests.post(base_url+'/services/search/jobs', data=search_query, headers = {'Authorization': 'Splunk %s' % session_key}, verify="/etc/pki/tls/cert.pem")
#view the response, I would hope to see a SID here
print(r.text)
Despite having access to the Splunk index I query, I get the following response:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="WARN">call not properly authenticated</msg>
</messages>
</response>
What am I missing here? Intuition tells me it is the request.post method that is malformed, but I can't seem to find where the error is.
Upvotes: 0
Views: 1615
Reputation: 370
After more googling I found these Splunk docs:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/UseAuthTokens
The "call not properly authenticated" response means lack of authentication. After more digging I verified that token authentication is not enabled in my cluster; hitting https://splunk-search:8089/services/authorization/tokens gives me the following response:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Splunk token authorization is disabled.</msg>
</messages>
</response>
Upvotes: 2
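An added example, not code from either post: the session-key flow against splunkd's REST API, written so that a `<msg type="WARN">` or `<msg type="ERROR">` body like the ones quoted above raises an exception instead of being printed. It assumes the documented REST behaviour (credentials POSTed to `/services/auth/login`, the SPL sent as the form field `search`); `SplunkError`, `parse_response`, `login` and `create_search_job` are names made up for this example, and `session` is any object with a requests-style `post` method.

```python
import xml.etree.ElementTree as ET

class SplunkError(Exception):
    """splunkd answered with a WARN/ERROR/FATAL <msg>, or the field is missing."""

def parse_response(xml_text, wanted):
    """Return the text of element `wanted` (sessionKey or sid), else raise."""
    root = ET.fromstring(xml_text)
    problems = [m.text or "" for m in root.iter("msg")
                if m.get("type") in ("WARN", "ERROR", "FATAL")]
    if problems:
        raise SplunkError("; ".join(problems))
    node = root.find(wanted)
    if node is None or not node.text:
        raise SplunkError(f"no <{wanted}> element in response")
    return node.text

def login(session, base_url, username, password):
    """POST the credentials as a form body and return the session key."""
    r = session.post(f"{base_url}/services/auth/login",
                     data={"username": username, "password": password})
    return parse_response(r.text, "sessionKey")

def create_search_job(session, base_url, session_key, spl):
    """POST the SPL as the form field `search` and return the job SID."""
    r = session.post(f"{base_url}/services/search/jobs",
                     data={"search": spl},
                     headers={"Authorization": f"Splunk {session_key}"})
    return parse_response(r.text, "sid")

# Constructed sample responses (the WARN body is the one quoted in the question).
SAMPLE_SID = '<?xml version="1.0" encoding="UTF-8"?><response><sid>1700000000.1</sid></response>'
SAMPLE_WARN = ('<?xml version="1.0" encoding="UTF-8"?><response><messages>'
               '<msg type="WARN">call not properly authenticated</msg>'
               '</messages></response>')

if __name__ == "__main__":
    print(parse_response(SAMPLE_SID, "sid"))
    try:
        parse_response(SAMPLE_WARN, "sid")
    except SplunkError as exc:
        print("rejected:", exc)
```

Against a live instance, pass a `requests.Session()` whose `verify` attribute points at the CA bundle, and keep the session key out of logs and terminal output, since it authenticates every later REST call.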