How do I delete previously loaded data before new ...

shivendra_infy · ‎12-01-2016

Hi

I am using SQL Source as my Data Source. I have written a Select query which loads data in the Database every 5 minutes. Now, what I need is before the Select query loads data in Splunk, I need to delete the previously loaded data.

puneethgowda · ‎12-03-2016

I have the same question data is appending but old data and new data will be same some time so i am seeing less than 1,000 rows in MS sql live db and 10,000 rows in splunk which means 1000*10=10,000 but there should be 1,000 rows only as it is in ms sql i mean mirroring !:)

ddrillic · ‎12-02-2016

You can always run <base query> | delete which would delete the returned data.

martin_mueller · ‎12-02-2016

Have you considered a live db lookup instead of deleting and reindexing the data every few minutes?
If you can't do a live lookup, consider writing the data into the key value store instead of indexing it. There you can delete, update, etc.

For actually indexed data, delete and update aren't valid operations.

How do I delete previously loaded data before new data is indexed in Splunk?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation