Hey Carry, Deleting the bucket being the only way out to reclaim space, I have some queries on buckets. I'm not having the buckets in the "db_newesttime_oldesttime" naming convention. All I have is "defaultdb" and "metaventdb" in my splunk which has .tsidx files and raw data. Can I do a clean based on the .tsidx timestamp as well? or I need to delete the defaultdb/metaeventdb ? Also the index names as mentioned in the document are "main", "_internal" and "_audit". Is *.tsidx also the index? How to identify a index directory? If you can give an example of a bucket name, I could search for similar stuff in my splunk as well. Thanks in advance. Note: I'm using splunk version 3.4.13 as of now. ... View more