Splunk Enterprise

Clear Splunk Web session

dubeysantosh
Explorer

I want to clear all splunk web session without restarting splunk service ? Is there a way to achieve this.

Tags (1)
0 Karma

dubeysantosh
Explorer

splunkd handles indexing, searching, forwarding, and (as of Splunk Enterprise version 6.2) the Web interface that you log into Splunk Enterprise with.
The process is a distributed C/C++ binary that accesses, processes, and indexes streaming data and handles search requests. It also handles the Splunk Web interface as of Splunk Enterprise version 6.2. You can configure the splunkd service without the Splunk Web component by configuring the instance as a light or heavy forwarder.

If you are running older version prior 6.2 you will be able to restart splunkweb.

1.How to check if I am running in legacy mode ?
Check if Splunk is running
To check if Splunk Enterprise is running, type this command at the shell prompt on the server host:

splunk status

You should see this output:

splunkd is running (PID: 3162).
splunk helpers are running (PIDs: 3164).
If Splunk Enterprise runs in legacy mode, you will see an additional line in the output:

splunkweb is running (PID: 3216).

if you are running in legacy mode then you can run below command to restart splunkweb.

splunk restart splunkweb -auth username:password

For more details please kindly read the reference document listed at http://docs.splunk.com/Documentation/Splunk/6.3.2/Admin/StartSplunk#Start_Splunk_Enterprise_on_Unix_.... If you system is not running on legacy mode you have do restart splunk this restart splunkd ( indexer and splunk web interface).

0 Karma

harsmarvania57
Ultra Champion

Hi,

You can achieve this via REST API, have look at document http://docs.splunk.com/Documentation/Splunk/7.2.0/RESTREF/RESTaccess#authentication.2Fhttpauth-token..., so first you need to GET all the httpauth-tokens except splunk-system-user account and then use another REST API DELETE request to delete all httpauth-tokens, this will kick out all users session. I'll strongly recommend to perform this in Test Environment first before going to production.

Above steps only remove existing httpauth-tokens, if you will be going to change Splunk Web related configuration then you need to restart splunk.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...