I know this has been asked before, but I'm hoping that I've misunderstood how deletion works.
The situation is that we have a single main index with 500,000,000 items in it, and 300,000,000 of those are the result of someone accidentally writing their Windows security logs from their production machines into the index.
We're extremely low on disk space and, in lieu of getting more provisioned, which is problematic, I hoped I might be able to remove those entries out of the index somehow.
I know I can run a delete, but I understand this won't remove the data from the index. I also realise I can delete a whole index using the CLI, or delete data from an index based on an expiry strategy.
Can I remove data from an index that's mixed with other data from the same time period, or am I completely stuck? Perhaps I can move the data we want to keep to a new index and delete the erroneous data. Am I permanently stuck with those 300,000,000 junk rows?
Please help
David