Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Disable Delete Capability - Free Edition

mrjester
Explorer
‎05-12-2012 11:10 AM

Is it possible to disable the delete capability from GUI on the free license of Splunk?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎05-12-2012 11:25 AM

Splunk Free has no authentication or access control. Even if you could disable it via a role permissions update, there's nothing stopping someone from just re-enabling it. All GUI users of Splunk Free have effective admin rights.

View solution in original post

Reply
Solved! Jump to solution

mntbighker
Path Finder
‎04-22-2013 05:46 PM

It seems like you should be able to stop Splunk, edit a conf file, and enable/disable the delete function, then restart Splunk. This would allow you to do occasional cleanup activities after some event mucks everything up. The way we use Splunk it would be crazy to pay for a license, but it seems you should have the ability to stop anyone from using delete. Of course they have every right to make their money, but $2k a year for something that sits collecting forensic data "in case" would be pretty hard to justify to the bean counters. So I agree with mrjester. I was hoping that as well. Maybe the better question here would be, how hard is it to reclaim what someone deleted?

0 Karma
Reply
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎05-12-2012 11:25 AM

Splunk Free has no authentication or access control. Even if you could disable it via a role permissions update, there's nothing stopping someone from just re-enabling it. All GUI users of Splunk Free have effective admin rights.

Reply
Solved! Jump to solution

mrjester
Explorer
‎05-14-2012 06:19 AM

Thanks for confirming what I was finding. I knew there was no RBAC system, but was hoping I could simply remove that capability via a .conf file or something.

0 Karma
Reply
Solved! Jump to solution

cpt12tech
Contributor
‎04-27-2015 12:50 PM

Is this still true for Splunk 6.2.2 Free version? I'm trying to delete records and am unable to.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...