I am new to splunk and while exploring tried the command index=main | delete.
Is there a way I can have the main index back without re-installing.
I have a Free license and don't want to end up losing the free license I have.
You can open a support case and they have the tools to undelete your data but it will be easier just to forward it in again.
Greetings @chozha,
No need to worry, you did not delete the actual index with that command. What you did is you "deleted" all of the events in the main index. All you have to do is re-index whatever data you would like to play with.
Cheers,
Jacob