Getting Data In

Where in Splunk are my log files indexed?

New Member

I am using Splunk 6.0. I configured a log file to be automatically indexed in Splunk by editing inputs.conf. I am able to view the indexed values in Splunk Web, but I want to know the location of where the log file got indexed, because if any data got indexed incorrectly, I want to remove the log file from the location. While doing it manually via DataInputs, I was able to view the log file in DataInputs > Files&Directories. It is easy to remove the data by deleting from there, but I need to do the same during the log file indexing automatically. Please help me to find out this

0 Karma

Path Finder

So there are few different things to consider:

  1. In terms of where the data gets indexed, by default $SPLUNK_HOME/var/log/splunk directory. See

  2. In terms of deleting the data: for the most part, it isn't recommended that you manually delete indexed data (buckets) because that could cause issues depending on your deployment setup. Splunk employs a retention policy where data is deleted by age (or size). The default is ~ 6 years, but this number is configurable on global and/or index basis. This will need to be configured in the indexes.conf, see : If you have the need to delete data, I recommend that you let the data retire, and re-index the data properly ( consider disk space and licensing.)

  3. What index are you sending your data to? If it's a new index and the data is fairly recent, you could clean the index but keep in mind that ALL data in that index will be deleted. See:

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...