Mastering Splunk by James Miller

Deleting your indexes and indexed data

While Splunk continues to write data (events) to its indexes, you can remove specified indexed data or even an entire index from your Splunk environment. So, let's have a look at how to do this.

Deleting Splunk events

Splunk provides the special delete operator to remove events from your Splunk searches. The delete operator flags all the events returned by a search so that future searches don't return them. Once flagged, this data is not visible to any user (even users with admin permissions) when searching. However, flagging data with delete does not free up disk space, because the data is not removed from the index; it is only made invisible to searches.

In Chapter 2, Advanced Searching, we discussed the Splunk search pipeline ...
