Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Problems Deleting Data in Splunk 6

conner9
Path Finder
‎10-29-2013 08:06 AM

Trying to delete data from an index for a specific day, and keep getting an error.

index=os sourcetype=ps provides 600k results for a single day.

index=os sourcetype=ps | delete results in "job terminated unexpectedly" "search terminated because of an error"

Yes the account has the delete functionality.

Thanks in advance for any thoughts.

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

conner9
Path Finder
‎10-29-2013 09:42 AM

I found my particular problem. Some of the files in my index directory were owned by root, and it was preventing my deletes from taking affect. As soon as I reset ownership to splunk:splunk, it started working again.

View solution in original post

Reply
Solved! Jump to solution
Solution

conner9
Path Finder
‎10-29-2013 09:42 AM

I found my particular problem. Some of the files in my index directory were owned by root, and it was preventing my deletes from taking affect. As soon as I reset ownership to splunk:splunk, it started working again.

Reply
Solved! Jump to solution

jtrucks
Splunk Employee
Splunk Employee
‎10-29-2013 09:14 AM

Have you tried deleting data for only a couple hours or some other shorter period of time? It is possible you are hitting resource constraints that are messing with the completion of the job.

--
Jesse Trucks
Minister of Magic
Reply
Solved! Jump to solution

conner9
Path Finder
‎10-29-2013 09:42 AM

I did, and it was still failing.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...