How to remove all the events from Splunk

By on

To remove all events from host, we need to actually clean the index that is applied on that host. To clean the corresponding index, run this cli command –

Open command prompt and navigate to %SPLUNKinstallationdirectory%/bin.

splunk stop
splunk clean eventdata -index [indexname] –f
splunk start

Example – To clean index named ‘default’
Splunk stop
splunk clean eventdata -index default –f
splunk start

Example – To clean all indexes
Splunk stop
splunk clean eventdata –f
splunk start

To allow splunk administrator to clean index ,who doesn’t know these commands, simply put these in a batch file and let the administrator run this batch file.

set /p var=Enter Splunk installation folder that has splunk.exe –
cd %var%
splunk stop
splunk clean eventdata -index main -f
splunk start

Categories: Splunk
«
»

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Trackbacks

Leave a Comment

Your email address will not be published. Required fields are marked *