This section describes how to remove objects related to Kaspersky CyberTrace from Splunk after Kaspersky CyberTrace is uninstalled. Note that after you have removed these objects, events from Kaspersky CyberTrace persist in Splunk.
To remove objects related to Kaspersky CyberTrace after Kaspersky CyberTrace is uninstalled:
%SPLUNK_HOME%/etc/apps/Kaspersky-CyberTrace-App-for-Splunk
.%SPLUNK_HOME%/etc/apps/Kaspersky-CyberTrace-App-for-Splunk
.%SPLUNK_HOME%/etc/apps/Splunk_TA_Kaspersky-CyberTrace-App-for-Splunk-Universal-Forwarder
, which contains Kaspersky CyberTrace App for Splunk.Here, %SPLUNK_HOME%
is the directory to which Splunk is installed.
%SPLUNK_HOME%/bin/splunk restart
Then you can clear Splunk of events received from Kaspersky CyberTrace.
To clear Splunk of events received from Kaspersky CyberTrace:
index="main" sourcetype="kl_cybertrace_events" | delete
Deleting events from the main
index can be done only under the user account that has the can_delete
role. You can add this role to a user account by selecting Settings > Roles in the Splunk main menu.
Search & reporting app