I have been trying to wipe out an eval instance of splunk to start again, but I keep getting errors. I then upgraded to the latest version of splunk and tried again. I tried stopping all splunk services and issuing the clean command while splunk was stopped and continue to get an error. I used to get a failure to wipe out the dirty_database, now I am getting an error: could not delete "d:\program files\splunk\var\log\splunk" there are no more files...
Short of completely uninstalling - any ideas?
Copy the db directories to a cd, so you can hang it on the wall later if things don't work out.
Reinstall Splunk.
Try to copy the db directories back to their original location. If that does not work, hang the cd on the wall as a reminder.
If you issued a clean command, then there is no usable date in the db directories, but the cd will not be empty, so it must be worth something.
If you followed best practice, and you have already deleted your data with clean, then save all .../local files, so you can restore them later.
My preference is to save the entire ...splunk/etc folder, just in case.
Splunk is powerful, but the real power is found in the custom configurations of splunk, which are found in .../splunk/etc/*.
Why have you not contacted splunk support?
Based on what you are saying, if you don't care about the data, just wipe it out and re-install it. You'll have Splunk up and running in a couple of minutes rather than messing with the errors.
I did that, but it won't scale. I want to delete the data. Permanently. Irretrievably. To a point of metaphysical nonbeing. Yesterday's data does not matter. It's archived elsewhere. The CLEAN command seems to be locked away in a newbie-proof bottle.