Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to delete uploaded csv file

syjayaraj
Explorer
‎02-20-2016 09:56 AM

Hello Team,
I added an csv file using add data, I do not know how to delete it, could some help on this.
and where this normally sits .i.e the path e.g opt/splunk..

Tags (1)
Reply

hsesterhenn_spl
Splunk Employee
Splunk Employee
‎02-25-2016 09:53 AM

Hi,

let's summarize your options:

If you have uploaded a CSV using "Add Data" all events are copied from the CSV into an index (this is the main index by default if you don't change it). There is no thing as "stored CSV file". This file has been removed from the system after adding the events.
Using the "source=" search filter you can get all events which have been imported from this CSV.

If you want to delete a whole index use "splunk clean eventdata" on the CLI as mentioned. It will free the space on disk.

The "delete" command is only allowed for a special role as mentioned AND IT WILL NOT DELETE DATA FROM DISK!
http://docs.splunk.com/Documentation/Splunk/latest/Indexer/RemovedatafromSplunk#How_to_delete
Please read this explanation carefully.
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Delete

And as mentioned by Martin if you have uploaded a file to be used as a LOOKUP you have to delete it from the server itself.

HTH,
Holger

Reply

fdi01
Motivator
‎02-23-2016 04:47 AM

in CLI; go to splunk_home/bin/ use splunk clean command to do it
you can first run splunk help clean command to understand how clean command is it work

0 Karma
Reply

dkeck
Influencer
‎02-23-2016 02:54 AM

Hi,

you can also just delete the index you put the data in, assumed its the only data in this index otherwise thats not a help.

Settings->Indexes->delete
0 Karma
Reply

ngatchasandra
Builder
‎02-23-2016 01:44 AM

Hi syjayaraj,

  1. remove your csv file returns to delete the data therein. In the search bar, you can use delete operator .

To do this, your role must have the capability to do so. If you are an admin user, you must go add can_delete role because admin role don't have it by default.

After to this, run a search that returns events of your csv file like follow:

source=   (name_of_your_file.csv)  OR (Path/../ name_of_your_file.csv)|delete

This will remonve all data in your csv file

For more Explanation follow the link:

http://docs.splunk.com/Documentation/Splunk/latest/Indexer/RemovedatafromSplunk#Delete_events_from_f...

  1. I think that to see where your csv file is located, go to opt/Splunk/var/lib/splunk/defaultdb/db/hot_v1_0/rawdata if you use default index to index your file.

Note: hot_v1_0 is newsly created directory.

follow opt/Splunk/var/lib/splunk/your_index_nama/db/hot_v1_0/rawdata for for your particular index.

Reply

hsesterhenn_spl
Splunk Employee
Splunk Employee
‎02-25-2016 09:44 AM

Please do not remove files from the bucket if you are not familiar with Splunk internal details.

If you want to delete data use the official commands (Splunk clean on the CLI) or delete the whole index.

Holger

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2016 12:33 PM

You've probably uploaded a lookup .csv file, those sit in $SPLUNK_HOME/etc/apps/your_app/lookups or $SPLUNK_HOME/etc/system/lookups.

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...