How do I delete previously loaded data before new ...

shivendra_infy · ‎12-01-2016

Hi

I am using SQL Source as my Data Source. I have written a Select query which loads data in the Database every 5 minutes. Now, what I need is before the Select query loads data in Splunk, I need to delete the previously loaded data.

puneethgowda · ‎12-03-2016

I have the same question data is appending but old data and new data will be same some time so i am seeing less than 1,000 rows in MS sql live db and 10,000 rows in splunk which means 1000*10=10,000 but there should be 1,000 rows only as it is in ms sql i mean mirroring !:)

ddrillic · ‎12-02-2016

You can always run <base query> | delete which would delete the returned data.

martin_mueller · ‎12-02-2016

Have you considered a live db lookup instead of deleting and reindexing the data every few minutes?
If you can't do a live lookup, consider writing the data into the key value store instead of indexing it. There you can delete, update, etc.

For actually indexed data, delete and update aren't valid operations.

How do I delete previously loaded data before new data is indexed in Splunk?

Get Operational Insights Quickly with Natural Language on the Splunk Platform

What’s New in Splunk Observability Cloud – June 2025

Almost Too Eventful Assurance: Part 2

Are you a member of the Splunk Community?

How do I delete previously loaded data before new data is indexed in Splunk?

Get Operational Insights Quickly with Natural Language on the Splunk Platform

What’s New in Splunk Observability Cloud – June 2025

Almost Too Eventful Assurance: Part 2