Thursday, March 10, 2011

Splunk - Purge Data

http://www.splunk.com/base/Documentation/4.1.7/Admin/RemovedatafromSplunk
- To purge all indexed data
1. Stop splunk
$SPLUNK_HOME/bin/splunk stop
2. Purge all data
$SPLUNK_HOME/bin/splunk clean eventdata -f
(-f option is to avoid being asked if you really delete the index.)
This command delete all the data in $SPLUNK_HOME/var/lib/splunk/
3. Start splunk
$SPLUNK_HOME/bin/splunk start

- If you want to purge a specific index, for example, "main" index
$SPLUNK_HOME/bin/splunk clean eventdata main -f

posted by Jayanthi Krishnamurthy @ 11:51 AM   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home

Newer›  ‹Older