Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Warning User when try to execute outoutlook up command from front end to avoid deleteing accidental records from kvstore

vksplunk1
Explorer
‎02-21-2025 07:12 AM

Hi  -  Is there a way to Warning the user when try to execute outoutlook up command from front end to avoid deleting accidental records from kvstore.

 

Thank you

Labels (1)
Labels
0 Karma
Reply

livehybrid
Champion
‎02-21-2025 07:32 AM

Hi @vksplunk1 

Outputlookup is already categorised as a risky command in terms of protection against SPL in links clicked, or in dashboard ("In the Search app, the warning dialog box appears when you click a link or type a URL that loads a search which contains risky commands. In dashboards, the warning dialog box appears automatically unless an input or visualization contains a search with a risky command") however it is not currently possible to display the alert if a user just types it out themselves into the search bar.
Check out https://docs.splunk.com/Documentation/Splunk/9.4.0/Security/SPLsafeguards for more information about this.

 

Please let me know how you get on and consider accepting this answer or adding karma this answer if it has helped.
Regards

Will

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top