I had set up a forwarder to monitor the directory and didn't specify any source type. Splunk automatically created some sourcetypes in the search app. I don't want these source types and now I want to delete all of them, but I am getting an error while deleting.
I am trying to execute the command below.
sourcetype=log-too_small | delete
I am getting the error below:
Error in 'delete' command: You have insufficient privileges to delete events.
while I am logged in as 'Admin'.
Any clue what is wrong?
Thanks
Manoj Jangid
Oops, by default admin doesn't have the can_delete permission. After setting this permission for admin, I am able to delete.
In Splunk 8.2 and above, go to Settings -> Users.
Under the Actions tab, click on Edit and assign a role: can_delete
Please check the SS below.
Manager -> Access Controls -> Roles -> Select Specific Role that the user belongs to
Scroll down to the "Inheritance" section. Add the "can_delete" role to the Selected Roles on the right.
Settings > Access controls..
Where can you change permissions for this function? Did you do this through the GUI?