Getting Data In

When I delete an old version of Splunk does it delete the old indexes and hosts?

ellissa
New Member

Hi All,
I've recently had to reinstall Splunk on my server.
It was using an index called "index2", I've since removed that version of Splunk (which I thought would of deleted the index) and installed Splunk v7.

It's worth noting that I had about 10-12 forwarders sending syslog data to my Splunk instance before uninstalling.
Since installing the new Splunk v7 I can only see one available forwarder when selecting "add data"

The odd thing is that when I go to search and reporting and select index="newindex" it generates a whole lot of data and tells me I have 6 hosts contributing data.

This is quite puzzling. The IP address and port of the Splunk instance is exactly the same, so I'm not sure why they don't appear in the forwarder list under 'add data'

Appreciate any help i can get

S.

0 Karma

cmerriman
Super Champion

did you follow the Uninstall instructions?
https://docs.splunk.com/Documentation/Splunk/7.0.0/Installation/UninstallSplunk
If you had any indexes that didn't use the default path, those must be deleted also. This document includes a lot of good information in case you may have overlooked something in the uninstallation.

In that same doc, you can navigate to the Install Splunk on Windows/Linux (depending on which OS you're using) page and follow those instructions.

If you have followed these directions to a tee, have you tried adding your other forwarders and/or configuring the inputs that are already there?

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...