Splunk Search

How to clear search history?

louisjannett
Engager

Hi everyone,
I have a short question in regard to my search history. How can I clear the entire search history of a specific user or of all users?

The suggested file in this post (https://answers.splunk.com/answers/6159/how-do-i-clear-my-search-history.html?utm_source=typeahead&u...) does not exist in my log directory. In addition, the searchhistory.log file in var/log/splunk is empty.

Thanks in advance!

1 Solution

horsefez
SplunkTrust
SplunkTrust

Hi @louisjannett,

I bet you are searching in the wrong directory.
Each user has it's own private search history.

Try finding it at the following path

/opt/splunk/etc/users/<nameofuser>/search/

Hope this helps!

View solution in original post

horsefez
SplunkTrust
SplunkTrust

Hi @louisjannett,

I bet you are searching in the wrong directory.
Each user has it's own private search history.

Try finding it at the following path

/opt/splunk/etc/users/<nameofuser>/search/

Hope this helps!

View solution in original post

louisjannett
Engager

Thanks! I didn't look for that directory.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!