Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

python sdk clean index does not seem to work

sathiyamoorthy
Explorer
‎03-17-2014 11:15 AM

Logged in as admin, and executing clean method on an index does not seem to work:

tt.indexes['test_index'].clean()

Logged in to splunk web and able to see data which has been indexed before the clean() is executed.

Should I do anything else to actually clean the index?

Using splunk 6 and splunk-sdk 1.0. I couldn't find any relevant change in the splunk-sdk 1.2. Thanks.

Tags (1)
0 Karma
Reply

gblock_splunk
Splunk Employee
Splunk Employee
‎03-19-2014 03:21 PM

@sathiyamoorthy, one other option to consider is to delete and re-created indexes using the SDK rather than clean. We do this on our internal tests and it works.

0 Karma
Reply

gblock_splunk
Splunk Employee
Splunk Employee
‎03-19-2014 11:08 AM

Hi @sathiyamoorthy

Thanks for clarifying. If you are using in development, then calling the splunk CLI was going to be my recommendation. The CLI is not using the same path as the API, it actually directly talks to the Splunk instance.

Sorry for any inconvenience this has caused you.

Thanks
Glenn

0 Karma
Reply

sathiyamoorthy
Explorer
‎03-19-2014 11:05 AM

Using this in development, executing the following external command from python script which works for now.

splunk clean eventdata -index INDEXNAME -f

Will soon be using "| delete" to delete specific data of that index rather than deleting everything.

Thanks for the recommendation I will not use the SDK method to clean summary index.

0 Karma
Reply

gblock_splunk
Splunk Employee
Splunk Employee
‎03-18-2014 11:17 AM

Hi @sathiamoorthy

We’ve done some investigation into this API and it has inconsistent results. Our recommendation is to not rely on it. We are evaluating whether or not we will keep it in future versions of the SDK.

Can you elaborate more on exactly what your use case is for this?

  • Are you using this during development, or in a production environment?
  • Is the Splunk instance running locally or on a remote machine.

Thanks
Glenn

0 Karma
Reply

gblock_splunk
Splunk Employee
Splunk Employee
‎03-17-2014 05:40 PM

Hi @sathiyamoorthy

Sorry you are having issues. Do you get any errors or output?

What OS platform are you running this on?

Thanks!

0 Karma
Reply

sathiyamoorthy
Explorer
‎03-18-2014 02:35 AM

There is no error / output. OS is redhat.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...