Other Usage
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you delete a default index?

erikhill
Explorer
‎01-11-2024 05:01 PM


This page states: 

You can't delete default indexes and third-party indexes from the Indexes page. 

 

Can I still delete default indexes through the CLI?

 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎01-11-2024 06:40 PM

Hi @erikhill 

That doc is for "Splunk Cloud"(CLI access is with Splunk Cloud Support Team) and from the GUI page you can not delete.

For Splunk Enterprise, i tried it on my lab setup:


C:\Program Files\Splunk\bin>.\splunk.exe remove index main
WARNING: Server Certificate Warning - ignore this

cannot remove idx=main, is internal

C:\Program Files\Splunk\bin>

 

so, we can not remove the default index(es), thanks. 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎01-11-2024 06:40 PM

Hi @erikhill 

That doc is for "Splunk Cloud"(CLI access is with Splunk Cloud Support Team) and from the GUI page you can not delete.

For Splunk Enterprise, i tried it on my lab setup:


C:\Program Files\Splunk\bin>.\splunk.exe remove index main
WARNING: Server Certificate Warning - ignore this

cannot remove idx=main, is internal

C:\Program Files\Splunk\bin>

 

so, we can not remove the default index(es), thanks. 

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎01-12-2024 05:32 AM

Hi @erikhill  may i know if the above reply solves your query, if not, pls let us know more details. 

if yes, could you pls accept it as solution, thanks. 

0 Karma
Reply
Solved! Jump to solution

erikhill
Explorer
‎01-12-2024 09:29 AM

I appreciate the response @inventsekar , thank you.  I have a main index that I don't need anymore and I'd like to remove. If the index can't be deleted, can all of the data be removed from the index?

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎01-12-2024 09:52 AM

If you already ingested some data into this index and you don't need/want it in your instance anymore you can set a short retention period so that data is quickly rolled out and removed from the index. It's the easiest and most elegant way.

Reply
Solved! Jump to solution

erikhill
Explorer
‎01-12-2024 09:54 AM

Great! Thanks @PickleRick , I'll give that a shot!

0 Karma
Reply
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...