Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Reduce on disk database size after delete

kevinzona
Engager
‎02-01-2012 05:43 AM

I have run into a situation where a very large amount of data has been imported into the wrong index. This index contains other data as well. My current plan is to run a delete of the incorrectly imported data, create a new index, and reimport. My concern is that a delete does not reduce the actual database size on disk. It seems a clean will remove do what i need, but will also remove the other valid data. Is there anyway, online or offline, to reduce the database size on disk without losing the other data?

I guess I could always run my delete, then dump the remaining contents of the index to a file, remove the index, recreate and reimport. I was just hoping for something easier. Thanks.

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

RicoSuave
Builder
‎02-01-2012 07:58 AM

Unfortunately, I don't think there is an "easier" way to do this. I have done the same. Just "delete" the events, output the remaining events by following this post.
Then shutdown splunk and clean the index.
Then re import the events.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

RicoSuave
Builder
‎02-01-2012 07:58 AM

Unfortunately, I don't think there is an "easier" way to do this. I have done the same. Just "delete" the events, output the remaining events by following this post.
Then shutdown splunk and clean the index.
Then re import the events.

0 Karma
Reply
Solved! Jump to solution

RicoSuave
Builder
‎02-01-2012 08:27 AM

I haven't looked into this possibility, but i'm sure this could be scripted somehow. Or maybe an enhancement request should be filed to have some type of a gui to accomplish this.

0 Karma
Reply
Get Updates on the Splunk Community!

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...

Splunk AppDynamics Agents Webinar Series

Mark your calendars! On June 24th at 12PM PST, we’re going live with the second session of our Splunk ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...
Top