...un different stats command and make use in my dashboard. 2) Also, I have used timerange of last 7 days ( to summary index last 7 days data) but only first 3 days data is being written to S...
How to removedata of a particular sourcetype in an index ?
index=myindex has three soucetypes , st1, st2 and st3.
I want to remove all data of st2 . How to do that ?
I have the following events
<190>May 4 20:20:36 data.test.com 1,2023/05/04 20:20:35,013001101002958,test,end,2305,2023/05/04
I want to remove everything before the second comma (i...
I just moved my homePath and coldPath to a new location, and wanted to delete the data stored on Splunk's default index location ($SPLUNK_DB). I would leave it, but it's using the bulk of that p...
Hi Folks,
Can anyone suggest how to remove the below data getting indexed to indexer and also how to remove the data which is already indexed?
timestamp syslog_host user remote_host c...
I have an indexer cluster with 8 indexers and a master node.
Now, I need to remove an indexdata, the index name is "tomcat"
How to quickly removeindexdata from an indexer cluster? d...
...ll the data showing up, but there is a small yellow triangle indicating one peer is not searchable. so i removed this peer from cluster master , now the error is gone. i would be re-adding this a...
...hosen to remove the old_data index from the cluster, then add it back again. I have performed these steps: 1. Stop any data being sent to the index. 2. Edit indexes.conf and delete the index...
Hello,
We have a use case.
Using the Splunk DB Connect, we ingest data from the various systems especially from the ERP.
Every change on an article in the ERP is pushed into a temp DB which i...
...have dedup in place for the queries. So for any updates, will the old duplicate be removed automatically based on index time? Or should i have to incorporate anything specific to remove old r...