Lastpass Splunk

Posted by admin

On sessionKeys to the Kingdom:

I started making a scripted input app to pull in logs from the LastPass Enterprise API. Everything was progressing nicely until I found I could not retrieve the encrypted API key from Splunk where I saved it. I was going to be smart and re-use my class that I created for alert scripts. That is when I beat my head on the wall. Scripted Inputs get sent a sessionKey if you set the passAuth value for your script in the inputs.conf stanza. Stdin is also how sessionKeys are sent to alert_scripts. So I figured my existing code would work great.

I kept getting authentication failures on the API. It turns out, I had not put in a logDebug event for the original sessionKey as it came in. So I had not noticed an inconsistency. SessionKeys sent for scripted inputs do NOT have the “sessionKey=” string at the front of the key sent by Splunk to alert scripts. Thus re-using my existing code that clips off those eleven characters broke the sessionKey value. So I share it here in case you are learning new Splunk features that depend on the sessionKey. Check your original values if you get authentication errors on the API. The sessionKey could contain extra text you have to remove, or it could be URL encoded.
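One way to read the key so the same code works for both alert scripts and scripted inputs, as an added example that is not the author's code. The function names are hypothetical, and treating a percent-escape as a sign of URL encoding is an assumption. The debug line records only the shape of the incoming value, so the mismatch is visible without writing the key itself to a log.

```python
import re
import sys
from urllib.parse import unquote

PREFIX = "sessionKey="  # eleven characters; sent to alert scripts only
_PCT = re.compile(r"%[0-9A-Fa-f]{2}")


def normalize_session_key(raw):
    """Return the bare session key from the line Splunk wrote to stdin."""
    key = raw.strip()
    # Remove the prefix only when it is really there, instead of blindly
    # slicing off the first eleven characters of whatever arrived.
    if key.startswith(PREFIX):
        key = key[len(PREFIX):]
    # Assumption: a percent-escape means the value was URL encoded.
    if _PCT.search(key):
        key = unquote(key)
    if not key:
        raise ValueError("no session key on stdin; is passAuth set?")
    return key


def describe_for_log(raw):
    """Debug-safe summary of the incoming value: its shape, never the key."""
    stripped = raw.strip()
    return "len=%d prefixed=%s pct_encoded=%s" % (
        len(stripped),
        stripped.startswith(PREFIX),
        bool(_PCT.search(stripped)),
    )


if __name__ == "__main__":
    raw = sys.stdin.readline()
    sys.stderr.write("sessionKey input: %s\n" % describe_for_log(raw))
    session_key = normalize_session_key(raw)
    # session_key can now go into an "Authorization: Splunk <key>" header
    # for the REST call that retrieves the stored API key.
```
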

Remember that you can submit feature enhancement requests through the Splunk support portal. It is important when you find such inconsistencies to submit it so Splunk developers can eventually fix it. I did on this one.

On Indentation in Python Scripts:


I used to give no thought to using tabs in my Python script as long as it indented right. Now I am firmly in the “four spaces” in place of a tab camp. I have gone through and updated all the code in my git repo to be four spaces based. I found I was getting unexplained bugs where code may or may not execute when expected. It turns out it was all indentation related. Code was running only when an IF stanza above it was true. A pesky hidden tab was causing it. So if you edit in vi/vim make sure to change your config to use four spaces. I found these two great links on doing that and putting it into your .vimrc file for persistence.