vgallegoiz/DeleteClientDSSplunk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
50d9c060dda004582540e8a16330da620d427d95
DeleteClientDSSplunk/test.py
victor 50d9c060dd Script without ucc to test
2024-06-18 23:54:05 +02:00

49 lines
1.4 KiB
Python
Raw Blame History

import requests
deployment_server = "10.218.7.194"
splunk_username = "usr-splunkadm"
splunk_password = ""
ds_auth = (splunk_username, splunk_password)
def remove_client(guid):
print(f'removing: {guid}')
endpoint='services/deployment/server/clients'
response = requests.delete(f"http://{deployment_server}:8089/{endpoint}/{guid}", auth=ds_auth)
print(response.status_code)
def find_old_clients():
# 6h = 21600
# 12h = 43200
# 24h = 86400
# 48h = 172800
search = ('| rest splunk_server=local /services/deployment/server/clients '
'| eval last_seen = now() - lastPhoneHomeTime '
'| where last_seen > 86400 '
'| rename clientName as guid '
'| fields guid')
data = { 'search': search }
header = {
'Content-Type: application/json'
}
endpoint='servicesNS/admin/search/search/jobs/export'
response = requests.post(f'http://{deployment_server}:8089/{endpoint}', data=data, auth=ds_auth)
print(response)
'''xmlroot=etree.fromstring(response.content)
results=[]
for result in xmlroot.findall('result/field/value/text'):
results.append(result.text)
# print(guid)'''
return(results)
if __name__ == '__main__':
old_clients = find_old_clients()
'''for guid in old_clients:
remove_client(guid)'''
Reference in New Issue View Git Blame Copy Permalink