https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99097#M25581 <P>Hi! </P> <P>I accidentally indexed really bizarre logs (partially downloaded logs) and assigned it to a sourcetype. Now searches in this sourcetype is extremely slow and I get inconsistent and bizarre results. I then deleted them from my input directory but it seems like they still exist. Is there anyway to clear or erase the history?</P> <P>I used the | delete command and it looks like it's gone, but my search is still messed up and extremely slow (it takes a long time to output results)... Can anyone tell me what's going on?</P> <P>please help ;__;</P> Fri, 13 Jul 2012 23:29:14 GMT monicato 2012-07-13T23:29:14Z https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99097#M25581 <P>Hi! </P> <P>I accidentally indexed really bizarre logs (partially downloaded logs) and assigned it to a sourcetype. Now searches in this sourcetype is extremely slow and I get inconsistent and bizarre results. I then deleted them from my input directory but it seems like they still exist. Is there anyway to clear or erase the history?</P> <P>I used the | delete command and it looks like it's gone, but my search is still messed up and extremely slow (it takes a long time to output results)... Can anyone tell me what's going on?</P> <P>please help ;__;</P> Fri, 13 Jul 2012 23:29:14 GMT https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99097#M25581 monicato 2012-07-13T23:29:14Z https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99098#M25582 <P>Not sure "what's going on?", but for you question in cleaning your "history", I assume you mean events/eventdata, this can be done by using the CLI command "<CODE>$SPLUNK_HOME/bin/splunk clean</CODE>". Before using this, you should read the documentation, as you will lose ALL data in the indexes you choose to clean..</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/latest/Admin/RemovedatafromSplunk">http://docs.splunk.com/Documentation/Splunk/latest/Admin/RemovedatafromSplunk</A></P> <P>Once you have cleaned a specific index (e.g. main), you may wish to re-index certain files that were previously monitored, as Splunk maintains a record of what it has indexed through CRC checks,etc, you may also need to look in to cleaning the fishbucket... BUT BE WARNED, this could result in duplicated data in other indexes.</P> <P>Hope this helps,</P> <P>MHIbbin</P> Sat, 14 Jul 2012 11:05:29 GMT https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99098#M25582 MHibbin 2012-07-14T11:05:29Z https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99099#M25583 <P>Thanks for the answer! I identified the source of the weird log and piped it to the delete command and that did the trick! No need to clear the index. Thanks for the help!</P> Mon, 16 Jul 2012 18:35:42 GMT https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99099#M25583 monicato 2012-07-16T18:35:42Z https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99100#M25584 <P>I did a 'clean' operation but the issue is still the same. <BR /> Running a search query for the "last 15 minutes" takes more than 25 minutes to complete.<BR /> Any ideas would be appreciated.</P> Fri, 15 Jan 2016 08:37:54 GMT https://community.splunk.com/t5/Splunk-Search/Messed-up-input-data-ruining-slowing-down-search/m-p/99100#M25584 wilsonchua 2016-01-15T08:37:54Z