I had not, but while this works, it is limited to 100 episodes at a time, and I have over 100,000 to modify.

Hmm, perhaps through the Rest API's but I never tried it before, not in bulk at least. But due to the amount of episodes you want to delete I believe the best approach would be a script to iterate on each individual _key episode record.

If you run this search you will have access to a list of episodes and their status, perhaps you could filter by them and making sure that all the episodes you want to keep are assigned and with other status than 1 (progress).

So first get the keys for the episodes for deletion and export to .*txt or w/e.

| inputlookup itsi_notable_group_user_lookup

• 1 - New
• 2 - In Progress
• 3 - Pending
• 4 - Resolved
• 5 - Closed

Build a script to read the file and for each key execute, make sure this is the right path (I'm pretty tired)

curl -k -u admin:password https://localhost:8089/servicesNS/nobody/SA-ITOA/event_management_interface/notable_event_group/\?filter\='\{"_key":"004b2eed-4551-481f-9487-9cf96b58e59d"\}' -X DELETE

https://docs.splunk.com/Documentation/ITSI/4.6.0/RESTAPI/ITSIRESTAPIreference#event_management_inter...