Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

how do I remove a source

juriggs
Path Finder
‎07-05-2013 09:12 AM

Ok, this is massively frustrating. I downloaded Splunk and installed it on my computer. I ran through the tutorials just to get a feel for how the thing worked. To start, I just indexed some of the logs on my local machine. Now I want to get rid of those sources... and I mean I want them GONE. I want the data gone, I want my disk space back, and I don't want the source to show up in the list on the search page. This REALLY shouldn't be so hard... why in the world isn't this as simple as adding data?

Tags (3)
Reply

seanbarbour
New Member
‎07-08-2013 09:27 AM

Using the delete command will remove the sources from showing up in the search without removing all of the data from the main index. This should cleanup the dashboard.

For the future setup a test index that will allow you to test new inputs and use as a sandbox, this way you have an index you can use the clean command on without affecting the other indexes.

0 Karma
Reply

juriggs
Path Finder
‎07-08-2013 08:17 AM

Thanks for the link, but I think I'm going to have a hard time explaining to management that we can't clean the dashboard and make it readable, or reclaim our disk space.

If anyone from Splunk hangs out on this board, I'd love to hear the reasoning behind this "feature" so that I can try to make a case...

Thanks,

Justin

0 Karma
Reply

linu1988
Champion
‎07-05-2013 10:56 AM

You can't delete the sources itself. If you want to delete the data in your indexes, please use the below command

Stop splunkd

Go to -> splunk//bin folder
splunk clean eventdata. Your data will be cleaned from the indexes.

Please refer this:
http://docs.splunk.com/Documentation/Splunk/5.0.3/Indexer/RemovedatafromSplunk

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...