Solved: Re: How to delete all data of index using python?

ejespiritu · ‎07-12-2018

Hi All,

So I'm wondering if it's possible to use a python script that runs on a schedule to delete all the content of an index.

Thanks!

PowerPacked · ‎07-12-2018

Hi @ejespiritu

Take a look at the Delete command, here is the link.

https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Delete

You can make this as a scheduled search, make it run frequently to delete the data.

& another thing to remind of is, you need to have delete permissions enabled for you role to delete the data from index ( delete permissions are separate from admin permissions )

Thank you

View solution in original post

PowerPacked · ‎07-12-2018

Hi @ejespiritu

Take a look at the Delete command, here is the link.

https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Delete

You can make this as a scheduled search, make it run frequently to delete the data.

& another thing to remind of is, you need to have delete permissions enabled for you role to delete the data from index ( delete permissions are separate from admin permissions )

Thank you

soumyasaha25 · ‎07-12-2018

Do you want the data to be deleted permanently from the index (disk) or just want it to be unsearchable while still retaining the data on the indexes (disks).

ejespiritu · ‎07-12-2018

delete permanently as i need it to be replaced as a whole every month

soumyasaha25 · ‎07-16-2018

yes, as @PowerPacker pointed out below, you can run a scheduled search and set "run script" in alert actions to delete the index.

How to delete all data of index using python?

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms