How to clean up old indexes, reports, alerts, etc.?

I have inherited a Splunk distributed deployment which is a bit of a train wreck.

Does anyone know of a way to identify indexes that no one has searched for a long time?

Or how to identify reports that no one has run for a long time or that are not scheduled?

Thank you,

Re: How to clean up old indexes, reports, alerts, etc.?


Hi @Glasses,

Someone already developed a dashboard and posted it here for that purpose:

You can also use an app such as Search Activity to see what's being used the most and reverse the search to get what's being used the least:

Another useful link to see dashboard usage here:

Lots of resources about this. You can even leverage the MC to get more insight on what's happening.

Let me know if there's a specific query you're looking to build in addition to all that.