Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to deal with data that was uploaded twice?

sudarshan391
Path Finder
‎10-04-2017 07:08 AM

Hi Experts,

I am now in a strange situation, we have a index in which we uploaded .csv files for every month and for previous month data has been uploaded two times. now splunk is showing duplicate entries.

Can someone please suggest how can I get through this situation?
I want to remove duplicate entries for last month from index.

Thanks.

Regards,
Sud

Reply

somesoni2
Revered Legend
‎10-04-2017 07:19 AM

You can use delete command to remove those duplicate records from any future search (it actually makes those records unsearchable but doesn't actually deletes it/removes from disk). See this for more information on the same.
https://docs.splunk.com/Documentation/Splunk/7.0.0/Indexer/RemovedatafromSplunk#Delete_events_from_s...

Please ensure that you run the search without delete command first and validate that you got only the records that you want to delete.

0 Karma
Reply

prosenjit2707
Explorer
‎10-04-2017 07:16 AM

Check out this link:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Delete

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...