How to remove recently indexed data

DavidHourani
Super Champion

Hello,

I accidentally had a file indexed by placing it in a directory from which Splunk inputs the logs. Is it possible to erase the newly indexed info, because it messed up all my searches?

Can I delete some sort of file or something in order to erase recently indexed data?

Same goes for the information that was taken into the data model: what can I do to remove or undo what I added?

Thanks,
David

0 Karma
1 Solution

lukejadamec
Super Champion

You can create a search that pulls the data you want to get rid of, and ONLY the data you want to get rid of, and then add delete to the end of the search. This will not actually remove the data from the index, i.e. make the index smaller, but it will make the data unsearchable.

I recommend reading this article first:

http://docs.splunk.com/Documentation/Splunk/6.0.1/SearchReference/Delete

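The approach in the accepted answer, written out as an added example (not part of the original posts): first confirm that the search matches only the unwanted events, then rerun the same base search with delete appended. The index name and source path are placeholders to replace with your own values.

```spl
index=<your_index> source="<path_of_accidentally_indexed_file>"
| stats count, min(_indextime) AS first_indexed, max(_indextime) AS last_indexed BY index, host, source, sourcetype
| convert ctime(first_indexed) ctime(last_indexed)

index=<your_index> source="<path_of_accidentally_indexed_file>"
| delete
```

Run the two searches separately, over the same time range.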

ddrillic
Ultra Champion

Remove indexes and indexed data

speaks about it.

It says
-- To delete indexed data permanently from your disk, use the CLI clean command. This command completely deletes the data in one or all indexes, depending on whether you provide an argument.

0 Karma

sravankr96
Engager

Can you tell how to remove the data permanently, not just hiding it by using the delete option?
Any response will be a great help. Thanks in advance :)

DavidHourani
Super Champion

Cool 🙂 thank you.
And one more thing, does deleting also mask the data in a data model or does this only work for indexes?

0 Karma

lukejadamec
Super Champion

Use the check mark to accept the answer, and it will give you 10 more points I think.

0 Karma

DavidHourani
Super Champion

Found it! Thanks a lot!

Wish I had points to award you 🙂

0 Karma

lukejadamec
Super Champion

Delete is a special feature. Go to Manager > Access Controls > Users > your user > and give yourself "Can Delete" permission under Assign to Roles.

0 Karma

DavidHourani
Super Champion

Cool, thank you. Now I just need to find out how to get the permission to do so, because I can't seem to use |delete even as admin.

0 Karma