Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

When I delete an old version of Splunk does it delete the old indexes and hosts?

ellissa
New Member
‎09-26-2017 06:37 AM

Hi All,
I've recently had to reinstall Splunk on my server.
It was using an index called "index2", I've since removed that version of Splunk (which I thought would of deleted the index) and installed Splunk v7.

It's worth noting that I had about 10-12 forwarders sending syslog data to my Splunk instance before uninstalling.
Since installing the new Splunk v7 I can only see one available forwarder when selecting "add data"

The odd thing is that when I go to search and reporting and select index="newindex" it generates a whole lot of data and tells me I have 6 hosts contributing data.

This is quite puzzling. The IP address and port of the Splunk instance is exactly the same, so I'm not sure why they don't appear in the forwarder list under 'add data'

Appreciate any help i can get

S.

0 Karma
Reply

cmerriman
Super Champion
‎10-04-2017 08:27 AM

did you follow the Uninstall instructions?
https://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/UninstallSplunk
If you had any indexes that didn't use the default path, those must be deleted also. This document includes a lot of good information in case you may have overlooked something in the uninstallation.

In that same doc, you can navigate to the Install Splunk on Windows/Linux (depending on which OS you're using) page and follow those instructions.

If you have followed these directions to a tee, have you tried adding your other forwarders and/or configuring the inputs that are already there?

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...