Security

How to block connectivity to Splunk Web on multiple PC's?

KwonTaeHoon
Path Finder

Hello

Multiple PCs can access the same ID when connecting the web to the splunk.

Even if I connect to multiple PCs with the same ID, I only keep the last session I accessed, and the PCs I logged in to before are looking for a way to disconnect the session I accessed.

In a single instance, the session could be cut off as follows.

./splunk _internal call "/services/authentication/httpauth-tokens/[SESSION_ID]" -method DELETE 

The above SESSION_ID used the other field value of the splunk ui access log.

However, this method does not work in a search header cluster.

Can I have a search header cluster maintain only the last session I accessed when connecting from multiple PCs with the same ID?

I look forward to hearing from you.

 

Labels (1)
0 Karma

johnhuang
Motivator

I don't fully understand your objective but it sounds like you have an issue where the previous machines you've logged into are maintaining active sessions with Splunk Web? If that's the case, I think you should look into configuring user session inactivity timeout and set it to 15 minutes.

https://docs.splunk.com/Documentation/Splunk/8.2.8/Admin/Configureusertimeouts

0 Karma

KwonTaeHoon
Path Finder

My goal is to prevent multiple IPs from maintaining access with the same ID and to keep only the last logged-in session.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...