How I can automatically remove unused token in Mon...

splunkTest13 · ‎04-25-2018

Hello 🙂

I have a question. I just created a script for ansible in Python which asked Splunk to generate and enable token, and asked docker to run the container with the token returned.
I tried many times to execute the script, as it worked before, I realized that I have created like 20 tokens.

So, it's not a good way to access the web interface and is deleting all tokens with 3 clicks per one.

So my question is :
Is there an existing way known if tokens receive a log from docker container? Or something to automatically delete it?

Thank's a lot,

Have a great day.

Juliette

outcoldman · ‎04-26-2018

You can use HTTP Event Collector: Instance dashboard in Monitoring Console to find which tokens were used (received data, etc).

I don't know of any automatic way to delete these tokens. But you can just open the inputs.conf file and remove these tokens from here and reload input settings after that https://yoursplunk.com/en-US/debug/refresh (if that does not work, you will need to restart the splunk). Another option is to use Http Event Collector CLI http://dev.splunk.com/view/event-collector/SP-CAAAE7D

How I can automatically remove unused token in Monitoring Docker - Metrics and Logs Forwarding?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms