Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Delete existing Splunk Light events/logs from web-interface

avmik
New Member
‎03-26-2015 04:03 AM

I know about "splunk clean eventdata ...", but I want to do this action from web-interface. It's very important feature with many devices, I think. And also, I want to give some names for my IP-hosts without DNS in Splunk. Will I ever see it? Please, developers...

0 Karma
Reply

ppablo
Retired
‎03-26-2015 01:22 PM

Hi @avmik

Making a feature request on Answers isn't the best way to get it to happen unfortunately.

You can submit formal enhancement requests through:

http://www.splunk.com/index.php/submit_issue

and enter it just like a support ticket, but choose an "enhancement" option.

0 Karma
Reply

neelamssantosh
Contributor
‎03-26-2015 07:36 AM

Hey avmik,

2nd Method:
Yes we can delete the data virtually i.e, the metadata will be deleted from Indexers so that the data can't be searchable.
Note: Your index size and events will remain same size as before along with buckets.

at the end of your query add 'by clause' with delete command
eg: if you have 110hosts and you want to see only 2hosts data,
index=xxxx_index NOT host=xxx_1 NOT host=xxx_2|delete

Hope it can help you.

Reply

fdi01
Motivator
‎03-26-2015 07:33 AM

in splunk home go to :
settings > Data imputs > Files & directories
>Remote event log collections
> Local event log collection
........
you select your Data imputs type,

you go on data or event data you want to delete and delete it see picture below:
alt text

note: you can't delete default data splunk or events.

sorry for my english.

Preview file
1 KB
Reply

acharlieh
Influencer
‎03-26-2015 07:42 AM

This will prevent any new data coming in for that input, however, it would not remove any already indexed data (what clean eventdata does)

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...