Delete containers from your Splunk SOAR (On-premises) deployment
delete_containers.pyc script to remove containers from their Splunk SOAR (On-premises) deployment. Removing containers should only be done in compliance with your organization's legal and policy requirements for data retention.
Removing containers cannot be undone. The only way to recover containers is to restore your Splunk SOAR (On-premises) deployment from a backup.
Example: To delete all containers with the "test" label last updated before January 1, 2020 at 12:00:00 UTC:
Delete containers script arguments and record filters
Use these arguments for the
delete_containers.pyc script to apply controls to the script.
|-h, --help||Show this help message and exit the script.|
|-b, --list-labels||List the available container labels and exit the script.|
|-d, --dry-run||Do not delete any containers, just show the results from the command. Use this option to test your command input before executing the script.|
|--non-interactive||Do not block script execution for user input. Use this flag for running |
|-c <number of containers to delete>,
--chunk-size <number of containers to delete>
|Maximum number of containers to delete in a single transaction. Maximum value is 10,000. Example: |
|Maximum number of retries in case there is an error.|
Use these filters for the
delete_containers.pyc script to control on which containers the script deletes.
|-i <IDS>, --ids <IDS>||Delete the container IDs specified in a comma separated list.|
|-l <LABEL>, --label <LABEL>||Only delete containers with the specified label.|
|-m <string>, --matching <string>||Delete containers that title match the specified string. The match is not case sensitive.|
|--before <date/time>||Only delete containers last updated before this date/time. Example: |
|--after <date/time>||Only delete containers last updated after this date/time. Example: |
|--status <STATUS>||Only delete containers the status values specified in a comma separated list.|
Reset the admin and root passwords in
Enable clickable URLs in CEF data
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1, 5.1.0, 5.2.1, 5.3.1, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1