Solved: Re: Disable Delete Capability - Free Edition

mrjester · ‎05-12-2012

Is it possible to disable the delete capability from GUI on the free license of Splunk?

dwaddle · ‎05-12-2012

Splunk Free has no authentication or access control. Even if you could disable it via a role permissions update, there's nothing stopping someone from just re-enabling it. All GUI users of Splunk Free have effective admin rights.

View solution in original post

mntbighker · ‎04-22-2013

It seems like you should be able to stop Splunk, edit a conf file, and enable/disable the delete function, then restart Splunk. This would allow you to do occasional cleanup activities after some event mucks everything up. The way we use Splunk it would be crazy to pay for a license, but it seems you should have the ability to stop anyone from using delete. Of course they have every right to make their money, but $2k a year for something that sits collecting forensic data "in case" would be pretty hard to justify to the bean counters. So I agree with mrjester. I was hoping that as well. Maybe the better question here would be, how hard is it to reclaim what someone deleted?

dwaddle · ‎05-12-2012

Splunk Free has no authentication or access control. Even if you could disable it via a role permissions update, there's nothing stopping someone from just re-enabling it. All GUI users of Splunk Free have effective admin rights.

mrjester · ‎05-14-2012

Thanks for confirming what I was finding. I knew there was no RBAC system, but was hoping I could simply remove that capability via a .conf file or something.

cpt12tech · ‎04-27-2015

Is this still true for Splunk 6.2.2 Free version? I'm trying to delete records and am unable to.

Disable Delete Capability - Free Edition

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash