Splunk Enterprise Security

How to delete users with realms via REST API in Enterprise Security Credential Management?


Hi Splunkers & Splunkettes,

So when attempting to remove a configured user via a REST API call, I don't seem to be able to specify a unique user by realm. For example, If I configure two users:

username: svc_splunk

realm: blank


username: svc_splunk

realm: SA-ThreatIntelligence

Issuing the following command will remove the first one:

curl -k -u admin:pass --request DELETE \

``However, when running it again, I am advised that the user doesn't exist (despite the fact it's present on the Credential Manager page).

From the docs (LINK) there appears to be no way to specify the realm, hence no way to delete the user.

Is there something undocumented that I'm missing?

PS. The current method of changing & deleting users once added is horrible

0 Karma

Splunk Employee
Splunk Employee
curl -k -u admin:changeme --request DELETE https://localhost:8089/servicesNS/nobody/search/storage/passwords/realm:username:

For example, the user 'simon' in realm 'work' would be

curl -k -u admin:changeme --request DELETE https://localhost:8089/servicesNS/nobody/search/storage/passwords/work:simon:
0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more! Faster Time to ValueManaging and ...

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...