I have a question. I just created a script for ansible in Python which asked Splunk to generate and enable token, and asked docker to run the container with the token returned.
I tried many times to execute the script, as it worked before, I realized that I have created like 20 tokens.
So, it's not a good way to access the web interface and is deleting all tokens with 3 clicks per one.
So my question is :
Is there an existing way known if tokens receive a log from docker container? Or something to automatically delete it?
Thank's a lot,
Have a great day.
You can use HTTP Event Collector: Instance dashboard in Monitoring Console to find which tokens were used (received data, etc).
I don't know of any automatic way to delete these tokens. But you can just open the inputs.conf file and remove these tokens from here and reload input settings after that
https://yoursplunk.com/en-US/debug/refresh (if that does not work, you will need to restart the splunk). Another option is to use Http Event Collector CLI http://dev.splunk.com/view/event-collector/SP-CAAAE7D