Security

Terminate User Session

ogdin
Splunk Employee
Splunk Employee

Can a Splunk admin terminate a user session?

Tags (1)

vin02ptl
Explorer

run splunk logout ,it will terminate the current session

0 Karma

phoenixdigital
Builder

Is there a better way to do this yet via the web console?

We had an issue where someone was on leave and had a Splunk session open which they had configured to refresh every 5 seconds. They have been told not to do this anymore.

There was noone on staff over Christmas/New Year who could have performed this ssh command.

I would have hoped there should be an easier way?

Apart from restarting Splunk that is.

0 Karma

ziegfried
Influencer

It's not possible via the UI, but it can be done. It's a little tricky though:

Find the user's session via a REST endpoint of splunkd:

https://localhost:8089/services/authentication/httpauth-tokens

You can see the current session tokens. Find the one of the user you want to kick out and copy the link address of the token. Something like

https://localhost:8089/services/authentication/httpauth-tokens/4b298e3f7c3aa937f114f3657dbd5314

And then kill the session by executing the following command on the splunk server:

splunk _internal call "https://localhost:8089/services/authentication/httpauth-tokens/4b298e3f7c3aa937f114f3657dbd5314" -method DELETE

realsplunk
Motivator

This should be implemented in Splunk GUI 🙂

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!