Splunk Cloud Platform

Can we delete user created sourcetypes on Splunk Cloud?

Roy_9
Motivator

Hello,

Is it possible to delete user created sourcetypes on splunk cloud, i checked under all configurations and sourcetypes options but didn't found anything.

Anyone has an idea? I guess we need to open a case to splunk support for deletion?

 

 

Thanks

Labels (1)
0 Karma

Roy_9
Motivator

Hey @richgalloway 

I am on Splunk cloud and I don't see delete option under actions column, I can only see Edit and Clone.

 

Thanks

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I use Splunk Cloud as well and sometime see a "Delete" option.  I don't know what makes it available.

The only other solution I can offer is to upload a new version of the app that contains that sourcetype, but without the sourcetype.

Either way, removing the sourcetype means events with that sourcetype may not be processed properly.

---
If this reply helps you, Karma would be appreciated.
0 Karma

Roy_9
Motivator

@richgalloway Thank you for sharing the instructions.

Meanwhile, I will open a case to Splunk support to see if they enable delete option atleast for sc_admin role.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, you should be able to delete custom sourcetypes.  Go to Settings->Sourcetypes and the Actions column will contain "Delete" for those sourcetypes you can delete.  I don't know how Splunk decides which sourcetypes you can and cannot delete, however.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...