Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Delete existing Splunk Light events/logs from web-interface

avmik
New Member
‎03-26-2015 04:03 AM

I know about "splunk clean eventdata ...", but I want to do this action from web-interface. It's very important feature with many devices, I think. And also, I want to give some names for my IP-hosts without DNS in Splunk. Will I ever see it? Please, developers...

0 Karma
Reply

ppablo
Retired
‎03-26-2015 01:22 PM

Hi @avmik

Making a feature request on Answers isn't the best way to get it to happen unfortunately.

You can submit formal enhancement requests through:

http://www.splunk.com/index.php/submit_issue

and enter it just like a support ticket, but choose an "enhancement" option.

0 Karma
Reply

neelamssantosh
Contributor
‎03-26-2015 07:36 AM

Hey avmik,

2nd Method:
Yes we can delete the data virtually i.e, the metadata will be deleted from Indexers so that the data can't be searchable.
Note: Your index size and events will remain same size as before along with buckets.

at the end of your query add 'by clause' with delete command
eg: if you have 110hosts and you want to see only 2hosts data,
index=xxxx_index NOT host=xxx_1 NOT host=xxx_2|delete

Hope it can help you.

Reply

fdi01
Motivator
‎03-26-2015 07:33 AM

in splunk home go to :
settings > Data imputs > Files & directories
>Remote event log collections
> Local event log collection
........
you select your Data imputs type,

you go on data or event data you want to delete and delete it see picture below:
alt text

note: you can't delete default data splunk or events.

sorry for my english.

Preview file
1 KB
Reply

acharlieh
Influencer
‎03-26-2015 07:42 AM

This will prevent any new data coming in for that input, however, it would not remove any already indexed data (what clean eventdata does)

Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...