Re: Can't delete one host permanently after alread...

luanvn · ‎03-27-2015

Now, I was uncomfortable. I can't delete one host that was displayed on search.

I already deleted it's index by splunk clean eventdata -index xxxx. But when i open search home page I can still see it.

Then I also delete that host by host = xxx | delete. After press f5. But it still display. It's really stubborn.

So, there're any way how to prevent or delete or remove that host, i don't wanna that always display my home page search?

chimell · ‎03-30-2015

Hi luanvn

Default permissions do not let you delete data but it does remove the data from the index. You can 'clean' an index of data permanently and you'll see that option in the link as well. Just make sure you want to delete the data since you can't get it back.

Updated link:

http://docs.splunk.com/Documentation/Splunk/latest/Indexer/RemovedatafromSplunk

luanvn · ‎03-29-2015

Nvm, I got them. In fact my host was saved at wineventlog. So I delete all events in winevenlog by following steps:

Stop splunk service
Remove all event in wineventlog index by: splunk clean eventdata -index wineventlog
Start splunk again.

harsmarvania57 · ‎03-27-2015

Hi,

Can you please let us know how you cleaned your index? With below steps??

1.) Stop splunk service on Indexer
2.) Clean your Index
3.) Start splunk service on Indexer

Thanks,
Harshil

Can't delete one host permanently after already deleted index

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms