Hi everyone,
I have found similar questions and responses to this type of scenario, but I can’t seem to find a way to create an API version of the Shell commands to remove eventdata under a specific index. The Shell version of the commands would be:
Command 1: splunk stop
Command 2: splunk clean eventdata -index <index>
Command 3: splunk start
The end goal is to use API calls to remove a retired index from the main indexer, and then delete the subsequent log event data on the server that falls under that index. I already have the API command to delete the index; I am just having trouble configuring the API call to remove that subsequent data.
Any help would be greatly appreciated. Thank you!