Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

influence of removing index for ITSI

kanam
Loves-to-Learn Everything
‎12-13-2020 01:32 AM

Now I want to remove one index.

However I've already create some service and entity related to the index in ITSI.

After removing index once, I'll create new index as same name.

Is there some influence for ITSI?

Tags (1)
0 Karma
Reply

kanam
Loves-to-Learn Everything
‎12-14-2020 03:56 PM

richgalloway,

 

Thank you for reply.

How about when I create new index as same index name?

ex) Now I use index "TEST" for ITSI

     Once I delete it.

     And I create index "TEST" for ITSI again.

 

Then, will ITSI run well same as before?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-15-2020 05:20 AM

My answer is predicated on the index name not changing, as stated in the original posting.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-13-2020 11:37 AM

Yes.

When the index is removed, ITSI will not find data in that index.  Depending on what your searches do, ITSI could be silent or it could generate alerts (missing entities, service is down, etc.).

The same will be true when the index is replaced until there is sufficient data in the index to satisfy the searches.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...