I opened up the splunk search app and added this splunk search command :
sourcetype="addedfields" wrap | delete
The event is retrieved but cannot delete.
I saw this error message thrown :
Error in 'delete' command: You have insufficient privileges to delete events.
How do i resolve this?? so that i can delete the search events.
Presuming you are admin :
In Splunk Web browse to :
Manager -> Access controls -> Roles -> admin
Scroll down the the
I went to remove all the capabilities under the admin roles access controls and added all again.
hen i see this message again.
Encountered the following error while trying to update: Client is not authorized to perform requested action