How to delete an entire splunk index / remove all events from a splunk index

2011 August 20

To remove all of the data from a specific Splunk index without using the slow "| delete" command:
  1. Stop Splunk
    /path/to/splunk  stop
  2. Delete all the data from a specific index (for example “main“):
    /path/to/splunk clean eventdata -index main


read more…


Comments are closed.

%d bloggers like this: