Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why can't I delete kvstore collections using the REST API via Python?

pembleton
Path Finder
‎04-02-2015 03:19 AM

I'm trying to delete kvstore collection using REST API via Python:

url = "https://localhost:8089/servicesNS/nobody/myapp/storage/collections/config/deleteme"
request = urllib2.Request(url, headers = {"Authorization" : "Splunk "})
request.get_method = lambda: "DELETE"
results = urllib2.urlopen(request)

This returns HTTP Error 400: Bad request.

The code works for other kvstore functions (when changing the URL) such as deleting collection's data, and I used the correct URL according to the documentation so I can't figure out why this doesn't work.

Reply

dsmc_adv
Path Finder
‎02-01-2017 07:06 AM

I cannot delete either. I get an error:

curl -k -s -u admin:changeme https://localhost:8089/servicesNS/nobody/myapp/storage/collections/config/test_collection_collection -X DELETE

<msg type="ERROR">Object id=test_collection_collection cannot be deleted in config=collections.</msg>
0 Karma
Reply

awurster
Contributor
‎06-11-2015 09:14 PM

i found this frustrating too. you actually have to POST the option as shown in the CURL examples in the docs.

the way i do it is using splunk's rest.simpleRequest method. strangely, i always seem to misplace the link for the SDK, but here's an example:
http://answers.splunk.com/answers/144000/modifying-acl-saved-search-permissions-through-rest-api-usi...

it's not ideal - but perhaps you could first retrieve all the data points in that collection, and then iteratively delete them?

query_uri = '/servicesNS/nobody/<app>/storage/collections/data/<kvstore>'
serverResponse, serverContent = rest.simpleRequest(query_uri, sessionKey=sessionKey)
for result in serverContent:
removal_uri = '/servicesNS/nobody/<app>/storage/collections/data/<kvstore>/%s' % result['_key']
    serverResponse, serverContent = rest.simpleRequest(removal_uri, sessionKey=sessionKey, method='DELETE')

maybe you can also leverage one of the answers from my similar question:
https://answers.splunk.com/answers/237859/can-i-delete-all-data-from-a-kv-store-at-once.html

0 Karma
Reply

ineeman
Splunk Employee
Splunk Employee
‎04-02-2015 11:29 AM

What happens if you make the same request using curl? Also, likely there is some output together with the 400 status code - can you post it here?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...