Forums: SplunkAdministration: Deleting data from a specific source?

Previous Topic: Unusual Hosts showing in Splunk -- Where do these come from?  |   Next Topic: Is splunk safe in production


Posts 1–3 of 3  |  Post to this topic
1
gfoden's Mugshot posted by: gfoden  |  posts
date: December 28, 2007
permalink

Is there any way of deleting data from a specific source (for example a file) that has already been indexed by Splunk? Maybe to reindex data from the same source but which this time is different from the previous data.

2
araitz's Mugshot posted by: araitz  |  posts
date: December 28, 2007
permalink

The delete command will not 'remove' data from a specific source, but it will hide it from search:

http://www.splunk.com/doc/latest/admin/DeleteFromIndex

3
gfoden's Mugshot posted by: gfoden  |  posts
date: December 28, 2007
permalink

thanks for that

Post to this topic

You must be logged in to post a reply.










close

Flash required to play this video.

Click here to download the free Flash Player.

Description:

Permalink: