How to delete an entire splunk index / remove all events from a splunk index

‹ Parent Effectiveness Training: The Proven Program for Raising Responsible Children (Thomas Gordon) | Gorgonzola at –9 months ›

To remove all of the data from a specific Splunk index without using the slow "| delete" command:

  1. Stop Splunk
    /path/to/splunk  stop
  2. Delete all the data from a specific index (for example "main"):
    /path/to/splunk clean eventdata -index main


Subscribe to All Posts - Wesley Tanaka