Splunk Dev

How to delete all data of index using python?

ejespiritu
Explorer

Hi All,

So I'm wondering if it's possible to use a python script that runs on a schedule to delete all the content of an index.

Thanks!

0 Karma
1 Solution

PowerPacked
Builder

Hi @ejespiritu

Take a look at the Delete command, here is the link.

https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Delete

You can make this as a scheduled search, make it run frequently to delete the data.

& another thing to remind of is, you need to have delete permissions enabled for you role to delete the data from index ( delete permissions are separate from admin permissions )

Thank you

View solution in original post

0 Karma

PowerPacked
Builder

Hi @ejespiritu

Take a look at the Delete command, here is the link.

https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Delete

You can make this as a scheduled search, make it run frequently to delete the data.

& another thing to remind of is, you need to have delete permissions enabled for you role to delete the data from index ( delete permissions are separate from admin permissions )

Thank you

0 Karma

soumyasaha25
Contributor

Do you want the data to be deleted permanently from the index (disk) or just want it to be unsearchable while still retaining the data on the indexes (disks).

0 Karma

ejespiritu
Explorer

delete permanently as i need it to be replaced as a whole every month

0 Karma

soumyasaha25
Contributor

yes, as @PowerPacker pointed out below, you can run a scheduled search and set "run script" in alert actions to delete the index.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...