Splunk Dev

how delete a data from an index

amyculquer
Explorer

I try to delete data but it does not work and show me this message Error in 'delete' command: You have insufficient privileges to delete events. So I create a user who has the the "delete_by_keyword" capability with the role can_delete but it does not work eigther.

Tags (1)

diogofgm
SplunkTrust
SplunkTrust

You have a role called "can_delete". Just add it to you user.

------------
Hope I was able to help you. If so, some karma would be appreciated.

amyculquer
Explorer

I did that, but it does not work

0 Karma

somesoni2
Revered Legend

You get the same error with your new role (which has can_delete capability)?

0 Karma

amyculquer
Explorer

Yes, I create the user named deleted which has the role of can_delete , this role is already enabled by keyword delete and still does not work and show me the error mensagge You have insufficient privileges to delete events.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Get Agentic with Splunk Lantern: Connect to Cisco Cloud Control, Transform ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

July Community Events: Master ITSI 5.0 & Automate Splunk

Struggling with alert fatigue or feeling like you're spending more time on infrastructure maintenance than ...

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...