Splunk Dev

python sdk clean index does not seem to work

sathiyamoorthy
Explorer

Logged in as admin, and executing clean method on an index does not seem to work:

tt.indexes['test_index'].clean()

Logged in to splunk web and able to see data which has been indexed before the clean() is executed.

Should I do anything else to actually clean the index?

Using splunk 6 and splunk-sdk 1.0. I couldn't find any relevant change in the splunk-sdk 1.2. Thanks.

Tags (1)
0 Karma

gblock_splunk
Splunk Employee
Splunk Employee

@sathiyamoorthy, one other option to consider is to delete and re-created indexes using the SDK rather than clean. We do this on our internal tests and it works.

0 Karma

gblock_splunk
Splunk Employee
Splunk Employee

Hi @sathiyamoorthy

Thanks for clarifying. If you are using in development, then calling the splunk CLI was going to be my recommendation. The CLI is not using the same path as the API, it actually directly talks to the Splunk instance.

Sorry for any inconvenience this has caused you.

Thanks
Glenn

0 Karma

sathiyamoorthy
Explorer

Using this in development, executing the following external command from python script which works for now.

splunk clean eventdata -index INDEXNAME -f

Will soon be using "| delete" to delete specific data of that index rather than deleting everything.

Thanks for the recommendation I will not use the SDK method to clean summary index.

0 Karma

gblock_splunk
Splunk Employee
Splunk Employee

Hi @sathiamoorthy

We’ve done some investigation into this API and it has inconsistent results. Our recommendation is to not rely on it. We are evaluating whether or not we will keep it in future versions of the SDK.

Can you elaborate more on exactly what your use case is for this?

  • Are you using this during development, or in a production environment?
  • Is the Splunk instance running locally or on a remote machine.

Thanks
Glenn

0 Karma

gblock_splunk
Splunk Employee
Splunk Employee

Hi @sathiyamoorthy

Sorry you are having issues. Do you get any errors or output?

What OS platform are you running this on?

Thanks!

0 Karma

sathiyamoorthy
Explorer

There is no error / output. OS is redhat.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...