The above procedure works in most cases. However, I did hit "Unauthorized" when running the above curl command even though the username/password is correct. I use the alternative below and it works.
First, log in to Splunk.
# ./splunk login
Splunk username: admin
Password:
Then, check the session key stored under your login profile.
# cd ~/.splunk
# ls -l
authToken_xxxxxxxxxxx_8089
# cat authToken_xxxxxxxxxxx_8089
<auth><username>admin</username><sessionkey>861QHAwxbgNbssLPHed92VEkK4P^lAVlalKCmY9v1xf5Q16zlQJMri39U21oc7jTyJg9xtk4vi3dFpOqBZT3mqYSWu_y^E2vppzCVovekuFX48a</sessionkey><cookie>splunkd_8089</cookie></auth>
Run the above curl again with the above session token.
# curl -k -H "Authorization: Splunk 861QHAwxbgNbssLPHed92VEkK4P^lAVlalKCmY9v1xf5Q16zlQJMri39U21oc7jTyJg9xtk4vi3dFpOqBZT3mqYSWu_y^E2vppzCVovekuFX48a" https://localhost:8089/servicesNS/nobody/system/storage/collections/data/assetcollection/5b6953c8978...
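An added example, not part of the original answer or of Splunk's own tooling: a shell helper that reads the session key from the authToken file and hands it to curl through a config read from stdin, so the key stays out of the process list and shell history. The function names and the sample token are hypothetical, and it assumes the key contains no double quote or backslash.

```shell
#!/bin/sh
# Added example: function names and the sample token are hypothetical.

# Print the <sessionkey> value from a Splunk CLI authToken file.
# $1 = path to authToken_<host>_<port> under ~/.splunk
splunk_session_key() {
    sed -n 's:.*<sessionkey>\(.*\)</sessionkey>.*:\1:p' "$1"
}

# Succeed only if the token file grants nothing to group or others.
token_file_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Send a request to a KV store REST URL using the stored session key.
# $1 = token file, $2 = HTTP method (GET or DELETE), $3 = full URL
kv_request() {
    token_file_is_private "$1" || {
        echo "token file is readable by others: $1" >&2; return 1; }
    key=$(splunk_session_key "$1")
    [ -n "$key" ] || { echo "no session key found in $1" >&2; return 1; }
    # The header travels on stdin (-K -), not in curl's argument list.
    # -k is kept from the commands on this page; it skips TLS verification.
    printf 'header = "Authorization: Splunk %s"\n' "$key" |
        curl -k -K - -X "$2" "$3"
}

# Offline demonstration on a constructed token file (not a real key).
demo=$(mktemp)
printf '%s\n' '<auth><username>admin</username><sessionkey>CONSTRUCTED^key_123</sessionkey><cookie>splunkd_8089</cookie></auth>' > "$demo"
splunk_session_key "$demo"
rm -f "$demo"
```

Call `kv_request ~/.splunk/authToken_xxxxxxxxxxx_8089 GET <record URL>` to display a record, and the same with `DELETE` to remove it.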
You need to know the _key associated with the record that you want to delete first.
Suppose you have a lookup called asset_kvlookup under collection=assetcollection. Running the search below will show you all the _key values associated with the records.
| inputlookup asset_kvlookup | eval assetkey = _key
Assuming assetkey returns "5b6953c89787925c6501af61", you can use this key to remove the record by running the curl commands below.
To display the record that is going to be deleted.
# curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/system/storage/collections/data/assetcollection/5b6953c8978...
To delete the record.
# curl -k -u admin:changeme -X DELETE https://localhost:8089/servicesNS/nobody/system/storage/collections/data/assetcollection/5b6953c8978...