Earn the most Karma on Answers for the month of July or August and win a free pass to Splunk .conf2015! For legal details, see Official Rules.
How I can I remove specfic indexed data from an exsiting data index?
Up to 2 attachments (including images) can be used with a maximum of 524288 each and 1048576 total.
Check out http://www.splunk.com/base/Documentation/4.1.1/Admin/RemovedatafromSplunk
You can delete specific indexed data using the delete command. So in your case, you might do:
sourcetype=my_sourcetype | delete
Note that you will need to have the can_delete role and that this process is irreversible. This will NOT create disk space.
Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.
Answers and Comments
No one has followed this question yet.
Single value visualization on mutliple-series result
combine xml log, two search and value to field
Error in Case Statement
Field Value is not picking in search interface ??
Show 2 Fields in Table where 1 is a subset of the other