Other Usage
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you delete a default index?

erikhill
Explorer
‎01-11-2024 05:01 PM


This page states: 

You can't delete default indexes and third-party indexes from the Indexes page. 

 

Can I still delete default indexes through the CLI?

 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎01-11-2024 06:40 PM

Hi @erikhill 

That doc is for "Splunk Cloud"(CLI access is with Splunk Cloud Support Team) and from the GUI page you can not delete.

For Splunk Enterprise, i tried it on my lab setup:


C:\Program Files\Splunk\bin>.\splunk.exe remove index main
WARNING: Server Certificate Warning - ignore this

cannot remove idx=main, is internal

C:\Program Files\Splunk\bin>

 

so, we can not remove the default index(es), thanks. 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎01-11-2024 06:40 PM

Hi @erikhill 

That doc is for "Splunk Cloud"(CLI access is with Splunk Cloud Support Team) and from the GUI page you can not delete.

For Splunk Enterprise, i tried it on my lab setup:


C:\Program Files\Splunk\bin>.\splunk.exe remove index main
WARNING: Server Certificate Warning - ignore this

cannot remove idx=main, is internal

C:\Program Files\Splunk\bin>

 

so, we can not remove the default index(es), thanks. 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎01-12-2024 05:32 AM

Hi @erikhill  may i know if the above reply solves your query, if not, pls let us know more details. 

if yes, could you pls accept it as solution, thanks. 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Solved! Jump to solution

erikhill
Explorer
‎01-12-2024 09:29 AM

I appreciate the response @inventsekar , thank you.  I have a main index that I don't need anymore and I'd like to remove. If the index can't be deleted, can all of the data be removed from the index?

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎01-12-2024 09:52 AM

If you already ingested some data into this index and you don't need/want it in your instance anymore you can set a short retention period so that data is quickly rolled out and removed from the index. It's the easiest and most elegant way.

Reply
Solved! Jump to solution

erikhill
Explorer
‎01-12-2024 09:54 AM

Great! Thanks @PickleRick , I'll give that a shot!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...