Hello
Multiple PCs can access the same ID when connecting the web to the splunk.
Even if I connect to multiple PCs with the same ID, I only keep the last session I accessed, and the PCs I logged in to before are looking for a way to disconnect the session I accessed.
In a single instance, the session could be cut off as follows.
./splunk _internal call "/services/authentication/httpauth-tokens/[SESSION_ID]" -method DELETE
The above SESSION_ID used the other field value of the splunk ui access log.
However, this method does not work in a search header cluster.
Can I have a search header cluster maintain only the last session I accessed when connecting from multiple PCs with the same ID?
I look forward to hearing from you.
I don't fully understand your objective but it sounds like you have an issue where the previous machines you've logged into are maintaining active sessions with Splunk Web? If that's the case, I think you should look into configuring user session inactivity timeout and set it to 15 minutes.
https://docs.splunk.com/Documentation/Splunk/8.2.8/Admin/Configureusertimeouts
My goal is to prevent multiple IPs from maintaining access with the same ID and to keep only the last logged-in session.