Solution: Here are some commands to run to clean out the indexed data.
Note: You must first stop the Splunk service before you can run any of these commands:
./splunk stop
This example tells Splunk to remove event data in all indexes (because no index argument is specified).
./splunk clean eventdata
This example removes indexed event data from the internal index and forces Splunk to skip the confirmation prompt.
./splunk clean eventdata internal -f
Note: It can also be helpful to flush the event logs of the Server as they might refer to the server's previous name which will just add junk to Splunk's indexes.
Other Terms: Purge splunk data – delete data – clear out splunk old data - flush splunk data
No comments:
Post a Comment