Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to delete KV Store data older than 30 days?

AditiKulkarni
New Member
‎10-27-2015 12:03 AM

In our application, there is a requirement where we have to retain data in KV Store for a month (i.e. 30 days) and delete data that is older than 30 days. Is there any way/configuration where we can delete the KV Store data older than 30 days? I don't want to use scheduled search for this.

Could anyone give suggestion?

Tags (2)
0 Karma
Reply

tfechner
Path Finder
‎09-03-2018 07:12 AM

Any new possibility in 7.1 to remove old entries in a timebased kvstore?

0 Karma
Reply

masonmorales
Influencer
‎05-19-2016 10:45 AM

Do you store any kind of timestamp in your KV store? If so, what is it called and please give an example of its value.

0 Karma
Reply

masonmorales
Influencer
‎05-19-2016 10:47 AM

Also, you WILL have to use a scheduled search for this, but you only need to run it once/day. Just out of curiosity, why wouldn't you want to?

0 Karma
Reply

Jason
Motivator
‎05-19-2016 09:30 AM

As far as I know, there is no method for deleting individual records from the KV store using their keys, from the search bar, or automatically from a configuration somewhere.

You could use the inputlookup and outputlookup (without append=t) commands to bring in the entirety of the collection, search through it to keep what you want (likely some sort of where on a time field), and output it back to the kv store.

Deletion is currently handled through hitting a REST endpoint with a DELETE method. Example in the UI using the Javascript SDK.

Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...