diff --git a/test.py b/test.py
new file mode 100644
index 0000000..921158b
--- /dev/null
+++ b/test.py
@@ -0,0 +1,49 @@
+import requests
+
+deployment_server = "10.218.7.194"
+splunk_username = "usr-splunkadm"
+splunk_password = ""
+ds_auth = (splunk_username, splunk_password)
+
+
+def remove_client(guid):
+ print(f'removing: {guid}')
+ endpoint='services/deployment/server/clients'
+ response = requests.delete(f"http://{deployment_server}:8089/{endpoint}/{guid}", auth=ds_auth)
+ print(response.status_code)
+
+
+
+def find_old_clients():
+
+ # 6h = 21600
+ # 12h = 43200
+ # 24h = 86400
+ # 48h = 172800
+
+ search = ('| rest splunk_server=local /services/deployment/server/clients '
+ '| eval last_seen = now() - lastPhoneHomeTime '
+ '| where last_seen > 86400 '
+ '| rename clientName as guid '
+ '| fields guid')
+ data = { 'search': search }
+ header = {
+ 'Content-Type: application/json'
+ }
+ endpoint='servicesNS/admin/search/search/jobs/export'
+ response = requests.post(f'http://{deployment_server}:8089/{endpoint}', data=data, auth=ds_auth)
+ print(response)
+ '''xmlroot=etree.fromstring(response.content)
+ results=[]
+ for result in xmlroot.findall('result/field/value/text'):
+ results.append(result.text)
+ # print(guid)'''
+
+ return(results)
+
+
+if __name__ == '__main__':
+
+ old_clients = find_old_clients()
+ '''for guid in old_clients:
+ remove_client(guid)'''
\ No newline at end of file
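Review bot: Both `requests.delete` in `remove_client` and `requests.post` in `find_old_clients` send the Basic-auth pair in `ds_auth` to port 8089 over `http://`, so the Splunk credentials cross the network in cleartext; switch both URLs to `https://`, pass `verify=` with the CA bundle that signed the deployment server's certificate, and add a `timeout=`. The account name and server address are committed next to `splunk_password = ""`, which invites filling in the real password in the file; read it at runtime instead, for example `splunk_password = os.environ["SPLUNK_PASSWORD"]` (variable name is illustrative, and it needs `import os`). Separately, `find_old_clients` ends with `return(results)` while the code that builds `results` sits inside a string literal, so the call raises `NameError`, and `header` is a set literal that is never passed to the request. Before the commented-out delete loop is enabled, `remove_client` should act on `response.status_code` (for example `response.raise_for_status()`) rather than only print it, since a failed or unauthorized delete is otherwise silent.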