I added a CSV file (sample1.csv) through "Upload files from my computer" (My host is DESKTOP-7FST5G). I did different search queries with it.
After some time I added a second CSV file (sample2.csv).
If I do a search now (e.g. index="main"), it queries sample1.csv and sample2.csv at the same time. But I want to work only with sample2.csv.
I tried to find a solution, but I found only one way:
host=DESKTOP-7FST5G | delete
But this query removes both sample1.csv and sample2.csv.
Can I specify for removal only sample1.csv?
As @sduff said, the easiest/best way is to use the source field, but you can also use the _time field (with earliest= latest=) and the _indextime field (with _index_earliest= _index_latest=).
You can use the source field to be able to distinguish between the 2 sets of data.
If you do host=DESKTOP-7FST5G source="*sample1.csv", check that this returns only your first sample's data. If that's true, then you can delete just sample1's data with host=DESKTOP-7FST5G source="*sample1.csv" | delete