Re: how delete a data from an index

amyculquer · ‎05-27-2016

I try to delete data but it does not work and show me this message Error in 'delete' command: You have insufficient privileges to delete events. So I create a user who has the the "delete_by_keyword" capability with the role can_delete but it does not work eigther.

diogofgm · ‎05-27-2016

You have a role called "can_delete". Just add it to you user.

------------
Hope I was able to help you. If so, some karma would be appreciated.

amyculquer · ‎05-27-2016

I did that, but it does not work

somesoni2 · ‎05-27-2016

You get the same error with your new role (which has can_delete capability)?

amyculquer · ‎05-27-2016

Yes, I create the user named deleted which has the role of can_delete , this role is already enabled by keyword delete and still does not work and show me the error mensagge You have insufficient privileges to delete events.

how delete a data from an index

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation