I think you should simply clean the corresponding index. Clearing the index will clear all the existing events but will also automatically index the existing data from the datasource if it's configured to continuously pick data from the datasource.
I had this problem with a CSV file as datasource and this approach worked for me.
To clean the index, visit http://www.manvir.net/how-to-remove-the-events-from-splunk/
I have a database input configured:
source="dbmon-tail://Sample_DB/sample1"
i/p type: Tail
Rising column: modified_date
Index: default
O/p format: Multi line key value format
o/p timestamp : Un checked
Interval : auto
and placed the lines below in the 'props.conf' file at the path "Splunk/etc/apps/search/local/" and also in "Splunk/etc/apps/search/default/":
[sample1]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]---91827349873-dbx-end-of-event---[\r\n])
but I am still getting o/p in the below format:
modified_date=2013-02-16 02:32:13
track=US
cause=Task
closed_date=2013/02/16
area=TC Request
---91827349873-dbx-end-of-event---
entry_id=1234
assigned_id=ABCD
status=Closed
and I am also unable to retrieve the 'create_date' column, which exists in the DB