Security
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk free and capability

Alive77
New Member
‎08-03-2017 06:47 AM

I just installed Splunk 6.6.2 free.
Is there a way to modify free user capability, in my situation I would like disable delete capability.

At this moment, I create a new user and i'm able to delete events using CLI, with command:

index= somethingtodelete | delete

Thanks in advance.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎08-03-2017 07:55 AM

If you are using the free Enterprise trial, then check alemarzu's suggestion.

If you are using Splunk Free, then there is no user or role management (see About Splunk Free in the Admin Manual).

The fact that you could create a user account suggests that you are using the 60-day free Enterprise trial, which is what you get when you first download and install Splunk Enterprise.

View solution in original post

Reply
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎08-03-2017 07:55 AM

If you are using the free Enterprise trial, then check alemarzu's suggestion.

If you are using Splunk Free, then there is no user or role management (see About Splunk Free in the Admin Manual).

The fact that you could create a user account suggests that you are using the 60-day free Enterprise trial, which is what you get when you first download and install Splunk Enterprise.

Reply
Solved! Jump to solution

Alive77
New Member
‎08-03-2017 08:14 AM

I didn't create a user, as you said it is the user (no-user) of the Splunk-free version.
I modified the license from trial to free.

In he Admin Manual, about free version, there is not a description of the enabled capabilities.
I expected that even if there is not role management the events access/deletion could be managed.

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎08-03-2017 08:44 AM

Quoting from that topic: "All accesses are treated as equivalent to the admin user. There is only one role (admin), and it is not configurable. You cannot add more roles or create user accounts." The admin role has all the capabilities listed here, and you cannot configure or manage them under the free license.

0 Karma
Reply
Solved! Jump to solution

Alive77
New Member
‎08-04-2017 01:58 AM

@ChrisG that's not true. According the manual, Admin has not the delete_by_keyword capability. In Splunk Free this capability is active.

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎08-04-2017 08:32 AM

Good correction, thank you!

0 Karma
Reply
Solved! Jump to solution

alemarzu
Motivator
‎08-03-2017 07:40 AM

Hi there, edit the capabilities of the role related to that user or check if role user ineherits can_delete capability from other role.

Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top