Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to remove data if I have already removed the index?

Lindaiyu
Path Finder
‎07-04-2016 02:00 AM

Hello Splunkers,
I really need your help!
I have a large amount data within one index.
For remove the data, it should
1 Remove the data of this index with command 

splunk clean eventdata -index xxx

2 Remove index

splunk remove -index xxx

However, I forgot the first step and do the second step directly.
Now when I run the first command, it show the message"index does not exist"
However, the data still in Splunk.
How could I remove the data after I have removed the index?

Could you please help me with that?
Thank you

Tags (2)
0 Karma
Reply

Buscatrufas
Path Finder
‎07-04-2016 04:09 AM

You must clean index with the service stopped.

Reply

teunlaan
Contributor
‎07-04-2016 02:28 AM

Did you remove de index from "indexes.conf" or deleted the directory on the server?

If you deleted it on the server, Your data is already gone

Reply

Lindaiyu
Path Finder
‎07-04-2016 02:30 AM

I remove with the CLI command "splunk remove index "

0 Karma
Reply

oficinasegurida
Engager
‎07-04-2016 02:18 AM

You'll find the index data in this location inside the folder where Splunk is installed:

/SplunkFolder/var/lib/splunk

Inside you'll find a folder for each index. Delete the one you want and you're done.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...