Knowledge Management

How to erase or delete the parsed Splunk ES TI data?

owenpcyip
New Member

I set the Max_age for each threat intelligence list for the TI data retention but it is not work, so I would like to remove the out-date data manually.

Please kindly tell me the datastore location or path in CLI mode. In addition, I would like to know how can I make the max_age setting work?

0 Karma
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...