Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to delete old data before ingesting new data from CSV - Refresh Data?

garrywilmeth
Explorer
‎02-23-2023 08:07 PM

I have a few spreadsheets that are ingested into Splunk daily.  What is the best method to refresh the data, so I don't end up with duplicates? I am looking to do something like this:

Today: Ingest spreadsheet.csv
Tomorrow: delete previous data for spreadsheet.csv and then ingest new data

Thanks,

Garry

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-23-2023 11:18 PM

Hi @garrywilmeth,

if you're not interested to historical series, you can use the solution from @scelikok .

If instead you need to know the historical situation, you should ingest new data in an index and use time in your searches to identify the values to use.

Ciao.

Giuseppe

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-23-2023 08:11 PM

Hi @garrywilmeth,

It seems better to use your CSV files as a lookup.

https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/ConfigureCSVlookups

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques (Part 6)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...