Splunk Enterprise

Clear Splunk Web session

dubeysantosh
Explorer

I want to clear all splunk web session without restarting splunk service ? Is there a way to achieve this.

Tags (1)
0 Karma

dubeysantosh
Explorer

splunkd handles indexing, searching, forwarding, and (as of Splunk Enterprise version 6.2) the Web interface that you log into Splunk Enterprise with.
The process is a distributed C/C++ binary that accesses, processes, and indexes streaming data and handles search requests. It also handles the Splunk Web interface as of Splunk Enterprise version 6.2. You can configure the splunkd service without the Splunk Web component by configuring the instance as a light or heavy forwarder.

If you are running older version prior 6.2 you will be able to restart splunkweb.

1.How to check if I am running in legacy mode ?
Check if Splunk is running
To check if Splunk Enterprise is running, type this command at the shell prompt on the server host:

splunk status

You should see this output:

splunkd is running (PID: 3162).
splunk helpers are running (PIDs: 3164).
If Splunk Enterprise runs in legacy mode, you will see an additional line in the output:

splunkweb is running (PID: 3216).

if you are running in legacy mode then you can run below command to restart splunkweb.

splunk restart splunkweb -auth username:password

For more details please kindly read the reference document listed at http://docs.splunk.com/Documentation/Splunk/6.3.2/Admin/StartSplunk#Start_Splunk_Enterprise_on_Unix_.... If you system is not running on legacy mode you have do restart splunk this restart splunkd ( indexer and splunk web interface).

0 Karma

harsmarvania57
Ultra Champion

Hi,

You can achieve this via REST API, have look at document http://docs.splunk.com/Documentation/Splunk/7.2.0/RESTREF/RESTaccess#authentication.2Fhttpauth-token..., so first you need to GET all the httpauth-tokens except splunk-system-user account and then use another REST API DELETE request to delete all httpauth-tokens, this will kick out all users session. I'll strongly recommend to perform this in Test Environment first before going to production.

Above steps only remove existing httpauth-tokens, if you will be going to change Splunk Web related configuration then you need to restart splunk.

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...