Earn the most Karma on Answers for the month of July or August and win a free pass to Splunk .conf2015! For legal details, see Official Rules.
No, I don't want to share
How I can I remove specfic indexed data from an exsiting data index?
Up to 2 attachments (including images) can be used with a maximum of 524288 each and 1048576 total.
Check out http://www.splunk.com/base/Documentation/4.1.1/Admin/RemovedatafromSplunk
You can delete specific indexed data using the delete command. So in your case, you might do:
sourcetype=my_sourcetype | delete
Note that you will need to have the can_delete role and that this process is irreversible. This will NOT create disk space.
Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.
Answers and Comments
No one has followed this question yet.
Adding one more field to a sub-search.
Newbie struggling with removing "empty" lines for a search/report
Search works manually but not in dashboard
Plotting duration on chart
Regular Expression in Search