Getting Data In

Disable Delete Capability - Free Edition

mrjester
Explorer

Is it possible to disable the delete capability from GUI on the free license of Splunk?

0 Karma
1 Solution

dwaddle
SplunkTrust
SplunkTrust

Splunk Free has no authentication or access control. Even if you could disable it via a role permissions update, there's nothing stopping someone from just re-enabling it. All GUI users of Splunk Free have effective admin rights.

View solution in original post

mntbighker
Path Finder

It seems like you should be able to stop Splunk, edit a conf file, and enable/disable the delete function, then restart Splunk. This would allow you to do occasional cleanup activities after some event mucks everything up. The way we use Splunk it would be crazy to pay for a license, but it seems you should have the ability to stop anyone from using delete. Of course they have every right to make their money, but $2k a year for something that sits collecting forensic data "in case" would be pretty hard to justify to the bean counters. So I agree with mrjester. I was hoping that as well. Maybe the better question here would be, how hard is it to reclaim what someone deleted?

0 Karma

dwaddle
SplunkTrust
SplunkTrust

Splunk Free has no authentication or access control. Even if you could disable it via a role permissions update, there's nothing stopping someone from just re-enabling it. All GUI users of Splunk Free have effective admin rights.

mrjester
Explorer

Thanks for confirming what I was finding. I knew there was no RBAC system, but was hoping I could simply remove that capability via a .conf file or something.

0 Karma

cpt12tech
Contributor

Is this still true for Splunk 6.2.2 Free version? I'm trying to delete records and am unable to.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...