After the future removal of the classic playbook editor, your existing classic playbooks will continue to run. However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Delete containers from your Splunk SOAR (On-premises) deployment
Use a management command to remove containers from your Splunk SOAR (On-premises) deployment. Removing containers should only be done in compliance with your organization's legal and policy requirements for data retention.
Removing containers cannot be undone. The only way to recover containers is to restore your Splunk SOAR (On-premises) deployment from a backup.
Example: To delete all containers with the "test" label last updated before January 1, 2020 at 12:00:00 UTC:
Delete containers command arguments and record filters
Use these arguments to control the behavior of the delete_containers command.
Argument | Description |
---|---|
-h, --help | Show this help message and exit the command. |
--list-labels | List the available container labels and exit. |
--dry-run | Do not delete any containers, just show the results from the command. Use this option to test your command input before running the command. |
--no-prompt | Do not block command execution for user input. Use this flag for running delete_containers as part of an unsupervised script. |
-c <number of containers to delete>, --chunk-size <number of containers to delete> | Maximum number of containers to delete in a single transaction. If containers have large numbers of related records, such as related artifacts, smaller chunk sizes may provide better performance, especially if running the command transactionally. |
--transactional | Set this option to run the entire delete operation atomically. The delete operation may take a very long time, depending on how many containers your system has. Do not run transactionally if you want to be able to easily pause and restart the deletion process. |
Use these filters to control which containers are deleted.
Filter | Description |
---|---|
--ids <IDS> | Delete the container IDs specified in a space-separated list. |
--label <LABEL> | Only delete containers with the specified label. |
--matching <MATCHING> | Delete the containers with a matching title. Use a string. This string is not case sensitive. |
--before <timestamp> | Only delete containers created before this timestamp. Value can be in various formats including <yyyy-mm-dd>T<hh:mm:ss>Z or <yyyy-mm-dd>T<hh:mm>Z. Example: --before "2020-01-01T12:00:00Z" |
--after <timestamp> | Only delete containers created after this timestamp. Value can be in various formats including <yyyy-mm-dd>T<hh:mm:ss>Z or <yyyy-mm-dd>T<hh:mm>Z. Example: --after "2020-01-01T12:00:00Z" |
--status <STATUS> | Only delete containers with the status values specified in a space-separated list. |
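
The following wrapper is an added example, not part of the Splunk documentation: for unsupervised retention jobs, it validates the filters, always runs `--dry-run` first, and deletes only when `APPLY=1` is set. The names `DELETE_CMD`, `APPLY`, `CHUNK_SIZE` and the functions are assumptions. The default `DELETE_CMD` is a placeholder that only echoes the command line, so set it to however your deployment invokes `delete_containers`.

```shell
#!/bin/sh
# Added example: guarded retention wrapper around delete_containers.
# ASSUMPTION: DELETE_CMD is a placeholder for your deployment's invocation of
# the command. The default only echoes the arguments, so nothing is deleted.
DELETE_CMD="${DELETE_CMD:-echo delete_containers}"

# Accept only the two timestamp shapes named in the filter table:
# <yyyy-mm-dd>T<hh:mm:ss>Z and <yyyy-mm-dd>T<hh:mm>Z.
valid_timestamp() {
  printf '%s' "$1" |
    grep -Eq '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}(:[0-9]{2})?Z$'
}

# Refuse to continue without a label and a well-formed cutoff, so a bad
# variable expansion in a cron job cannot widen the delete.
check_filters() {
  [ -n "$1" ] || { echo "refusing: --label is empty" >&2; return 2; }
  valid_timestamp "$2" || { echo "refusing: unsupported timestamp: $2" >&2; return 2; }
}

# purge <label> <before-timestamp>
# Runs --dry-run first. Deletes only if the dry run succeeds and APPLY=1.
purge() {
  check_filters "$1" "$2" || return $?
  $DELETE_CMD --dry-run --label "$1" --before "$2" || return 1
  [ "${APPLY:-0}" = "1" ] || { echo "dry run only; set APPLY=1 to delete"; return 0; }
  # --no-prompt because no operator is present; chunked rather than
  # --transactional so the job can be paused and restarted.
  $DELETE_CMD --no-prompt --chunk-size "${CHUNK_SIZE:-100}" --label "$1" --before "$2"
}
```

Because removing containers cannot be undone, review the dry-run output and confirm that a current backup exists before setting `APPLY=1`.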
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.2.0, 6.2.1, 6.2.2, 6.3.0