I need to delete a bunch of dashboards which are not visible to me (private ones). I have admin and can_delete permissions. Any advice how I should go about it?
This query shows me all dashboards (including the private ones):
| rest /servicesNS/-/-/data/ui/views | search isDashboard=1 | search eai:acl.app=search
but obviously doesn't give me a way to delete anything.
Thanks in advance.
How about deleting the private dashboard from physical path itself? You can login to your search head physical box and delete dashboard xml from following path for all users
/opt/splunk/etc/users/<<UserNameHERE>>/search/local/data/ui/views
Hi somesoni2,
thanks for your response.
Is there a way to change the permissions of these dashboards on the backend (from private to public)? Also if a deleted dashboard needs to be restored, can it be done by replacing the backed up files in the physical path?
Yes you can do from backend in Splunk search head server
Need to move Dashboard xml file in splunk/etc/apps///data/ui/views
And update default.meta file under /metadata/default.meta file as
[views/XXXXXX_dashboard]
access = read : [ user], write : [ poweruser ]
export = none
owner = XXXXX
version = 6.5.1
modtime = 45356436543674
Can_delete
permission is for deleting indexed data. If you have that permission, then you can use the delete
splunk command. You should be able to delete the dashboards you see from the Settings > User Interface > Views page. You usually can't delete dashboards that are in downloaded Splunk apps (like SplunkForF5Networks). It is also possible to delete dashboards directly (not through the Web UI), though it is sometimes harder to find them. It is very dependent on how your Splunk is installed, too.
I am able to delete all private dashboards via the Web UI on my instance.
Hi,
I believe it's admin_all_objects permission you need.
If you have that, you can see all your dashboards on the "dashboards" tab.
Hi markthompson,
I checked and found that I already have the admin_all_objects permission under the 'admin' role (Also discovered that admin is a user defined role and not a permission.)
Any further advice?