All Apps and Add-ons

How I can automatically remove unused token in Monitoring Docker - Metrics and Logs Forwarding?


Hello 🙂

I have a question. I just created a script for ansible in Python which asked Splunk to generate and enable token, and asked docker to run the container with the token returned.
I tried many times to execute the script, as it worked before, I realized that I have created like 20 tokens.

So, it's not a good way to access the web interface and is deleting all tokens with 3 clicks per one.

So my question is :
Is there an existing way known if tokens receive a log from docker container? Or something to automatically delete it?

Thank's a lot,

Have a great day.


0 Karma


You can use HTTP Event Collector: Instance dashboard in Monitoring Console to find which tokens were used (received data, etc).

I don't know of any automatic way to delete these tokens. But you can just open the inputs.conf file and remove these tokens from here and reload input settings after that (if that does not work, you will need to restart the splunk). Another option is to use Http Event Collector CLI

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...