Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to remove data if I have already removed the index?

Lindaiyu
Path Finder
‎07-04-2016 02:00 AM

Hello Splunkers,
I really need your help!
I have a large amount data within one index.
For remove the data, it should
1 Remove the data of this index with command 

splunk clean eventdata -index xxx

2 Remove index

splunk remove -index xxx

However, I forgot the first step and do the second step directly.
Now when I run the first command, it show the message"index does not exist"
However, the data still in Splunk.
How could I remove the data after I have removed the index?

Could you please help me with that?
Thank you

Tags (2)
0 Karma
Reply

Buscatrufas
Path Finder
‎07-04-2016 04:09 AM

You must clean index with the service stopped.

Reply

teunlaan
Contributor
‎07-04-2016 02:28 AM

Did you remove de index from "indexes.conf" or deleted the directory on the server?

If you deleted it on the server, Your data is already gone

Reply

Lindaiyu
Path Finder
‎07-04-2016 02:30 AM

I remove with the CLI command "splunk remove index "

0 Karma
Reply

oficinasegurida
Engager
‎07-04-2016 02:18 AM

You'll find the index data in this location inside the folder where Splunk is installed:

/SplunkFolder/var/lib/splunk

Inside you'll find a folder for each index. Delete the one you want and you're done.

Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...