How to block connectivity to Splunk Web on multipl...

KwonTaeHoon · ‎10-06-2022

Hello

Multiple PCs can access the same ID when connecting the web to the splunk.

Even if I connect to multiple PCs with the same ID, I only keep the last session I accessed, and the PCs I logged in to before are looking for a way to disconnect the session I accessed.

In a single instance, the session could be cut off as follows.

./splunk _internal call "/services/authentication/httpauth-tokens/[SESSION_ID]" -method DELETE

The above SESSION_ID used the other field value of the splunk ui access log.

However, this method does not work in a search header cluster.

Can I have a search header cluster maintain only the last session I accessed when connecting from multiple PCs with the same ID?

I look forward to hearing from you.

johnhuang · ‎10-06-2022

I don't fully understand your objective but it sounds like you have an issue where the previous machines you've logged into are maintaining active sessions with Splunk Web? If that's the case, I think you should look into configuring user session inactivity timeout and set it to 15 minutes.

https://docs.splunk.com/Documentation/Splunk/8.2.8/Admin/Configureusertimeouts

KwonTaeHoon · ‎10-06-2022

My goal is to prevent multiple IPs from maintaining access with the same ID and to keep only the last logged-in session.

How to block connectivity to Splunk Web on multiple PC's?

login

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!