etc/system/local/authentication.conf and etc/system/metadata/local.meta both contain many old entries of users that may no longer be using the platform. The files both get updated automatically when a new user logs in.
On a search cluster, is there a recommended solution for removing these entries?
My plan was just to shut down the cluster members, remove all the cached data and restart, but is there a less disruptive way?
Thank you.
There are a few ways to clean up the cache:
i) Restart Splunk,
ii) Or run the command below:
./splunk _internal call /authentication/providers/services/_reload -auth admin:changeme
iii) Or hit the REST endpoint:
"| rest splunk_server=* /services/authentication/providers/services/_reload "