Splunk Search

Accidentally deleted main index - Need help

chozha
New Member

I am new to splunk and while exploring tried the command index=main | delete.
Is there a way I can have the main index back without re-installing.

I have a Free license and don't want to end up losing the free license I have.

Tags (1)
0 Karma

woodcock
Esteemed Legend

You can open a support case and they have the tools to undelete your data but it will be easier just to forward it in again.

0 Karma

jacobpevans
Motivator

Greetings @chozha,

No need to worry, you did not delete the actual index with that command. What you did is you "deleted" all of the events in the main index. All you have to do is re-index whatever data you would like to play with.

Cheers,
Jacob

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...