Delete Records
Records can be deleted by an authorized user. This can be done by issuing an HTTP DELETE to /rest/<type>/<id>. Deletion can only be done by a user account with the correct privileges and not by a connection authenticated using a REST token. The Python requests module implements both HTTP Basic user auth and HTTP DELETE.
/rest/<type>/<id>
Syntax
https://<username>:<password>@<host>/rest/<type>/<id>
DELETE
Delete a record.
Example Python request
Delete container Id 42.
import requests
requests.delete('https://192.168.1.1/rest/container/42', auth=('admin', 'password'))
Example response
A successful DELETE will return a success message.
{ "success": true }
Example curl request
Delete the custom CEF Id 151.
curl -k -u admin:changeme https://localhost/rest/cef/151 -X DELETE
Example response
A successful DELETE will return the success message.
{ "success": true }
Failures will return a non-200 response code and JSON with "failed" = true and an appropriate "message".
Delete is only supported for the following record types:
- Apps (/rest/app/<id>)
- Artifacts (/rest/artifact/<id>)
- Assets (/rest/asset/<id>)
- CEF (/rest/cef/<id>)
- Containers (/rest/container/<id>)
- Container Attachments (vault files such as /rest/container_attachment/<id>)
- Custom Lists (/rest/decided_list/<id>)
Custom Lists can be deleted with user or token authentication. All others require user authentication.
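The rules above can be enforced on the client before any request leaves the machine. The following is an added example, not code from the product documentation: `delete_record`, `DeleteError` and the `token_auth` flag are hypothetical names, and `session` is assumed to be a `requests.Session` (or compatible object) that already carries the credentials.

```python
# Added example: guarded wrapper around the DELETE call described on this page.
SUPPORTED_TYPES = {"app", "artifact", "asset", "cef", "container",
                   "container_attachment", "decided_list"}
TOKEN_OK_TYPES = {"decided_list"}  # per the page, only Custom Lists accept token auth


class DeleteError(Exception):
    """Raised when a delete is refused locally or the server reports failure."""


def delete_record(session, host, record_type, record_id, token_auth=False):
    """Delete one record via /rest/<type>/<id> and return the success JSON.

    Assumption: `session` is a requests.Session configured by the caller,
    e.g. session.auth = (user, password) for HTTP Basic user auth.
    """
    if record_type not in SUPPORTED_TYPES:
        raise DeleteError(f"DELETE not supported for type {record_type!r}")
    if token_auth and record_type not in TOKEN_OK_TYPES:
        raise DeleteError(f"{record_type} requires user authentication, not a token")
    # Accept only a positive integer id so nothing else can reach the URL path.
    if isinstance(record_id, bool) or not isinstance(record_id, int) or record_id <= 0:
        raise DeleteError(f"invalid record id {record_id!r}")

    url = f"https://{host}/rest/{record_type}/{record_id}"
    resp = session.delete(url, timeout=30)
    try:
        body = resp.json()
    except ValueError:  # response body was not JSON
        body = None
    if not isinstance(body, dict):
        body = {}
    # Failures: non-200 status and JSON with "failed": true plus a "message".
    if resp.status_code != 200 or body.get("failed") or not body.get("success"):
        raise DeleteError(f"HTTP {resp.status_code}: {body.get('message', 'no message')}")
    return body
```

Passing credentials through the session's `auth` attribute rather than the `https://<username>:<password>@<host>` URL form keeps them out of the URL string that ends up in logs and tracebacks.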
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7