Can a Splunk admin terminate a user session?
run splunk logout ,it will terminate the current session
Is there a better way to do this yet via the web console?
We had an issue where someone was on leave and had a Splunk session open which they had configured to refresh every 5 seconds. They have been told not to do this anymore.
There was noone on staff over Christmas/New Year who could have performed this ssh command.
I would have hoped there should be an easier way?
Apart from restarting Splunk that is.
It's not possible via the UI, but it can be done. It's a little tricky though:
Find the user's session via a REST endpoint of splunkd:
You can see the current session tokens. Find the one of the user you want to kick out and copy the link address of the token. Something like
And then kill the session by executing the following command on the splunk server:
splunk _internal call "https://localhost:8089/services/authentication/httpauth-tokens/4b298e3f7c3aa937f114f3657dbd5314" -method DELETE
This should be implemented in Splunk GUI 🙂