matthewmodestino
commented
6 years ago Hi there!
you can clean out your indexes in splunk by using the ./splunk clean command.
Check out ./splunk help clean from the cli for more info on the flags available, or you can simply delete the indexes from the GUI then re-add them.
An example might be:
./splunk clean eventdata -index k8s
Be advised this will delete all data in the index and cannot be undone.
I am new to Splunk and trying to set up K8S forwarding with Splunk. I was successful in forwarding K8S logs from my DEV K8S to Splunk by installing ta-k8s-logs in K8S. However I would now like to forward K8S logs from QA K8S environment to the same Splunk server (since we do not have more licenses). Is there a way to delete the existing data/tables in Splunk and start pushing the logs from QA ?