splunk remove



  • Remove data inputs, user accounts, or saved searches.
    Syntax:
    
    	remove [object] [-parameter <value>| <value>]
    
    	remove excess-buckets [index-name]
    
    	remove cluster-peers peers [-parameter <value>] ...
    
    	remove shcluster-member
    
    	remove monitor source
    
    	remove user <username>
    
    	remove role <rolename>
    
    	remove [licenser-pools|licenses]
    
    	remove licenses hash 
    
    	remove -name <pool name>
    
    Objects:
    
    	remove exec                		remove scripted inputs
    	remove index               		removes an index
    	remove cluster-master      		Remove a master from the list of instances a searchhead searches across
    	remove excess-buckets      		Remove excess buckets in the cluster.
    	remove cluster-peers       		Remove downed peers from the cluster master.
    	remove shcluster-member    		Remove the specified member if run on the captain or, if run on a non-captain member, remove that member from the search head cluster.
    	remove monitor             		remove monitored directory inputs
    	remove app                 		remove specified app name
    	remove tcp                 		remove TCP (network) inputs
    	remove udp                 		remove UDP (network) inputs
    	remove forward-server      		remove servers to forward data to
    	remove user                		removes a user
    	remove role                		removes a role
    	remove licenses            		removes a license from a stack
    	remove licenser-pools      		removes a pool within a stack
    
    Required Parameters:
    
    	(For remove exec)
    		source              		command and arguments to remove
    
    	(For remove index)
    		name                		name of index
    
    	(For remove cluster-master)
    		master_uri          		the value of the master uri
    
    	(For remove cluster-peers)
    		peers               		Comma separated guids of the peers to be removed
    
    	(For remove monitor)
    		source              		path to a directory to index
    
    	(For remove app)
    		name                		the name of the app
    
    	(For remove tcp)
    		source              		port where Splunk should listen for events
    
    	(For remove udp)
    		source              		port where Splunk should listen for events
    
    	(For remove forward-server)
    		hostport            		in the format <host>:<port> where host and port are hostname or IP address of the indexing server and port that the indexer is listening on
    
    	(For remove user)
    		username            		the name of the Splunk user account to remove
    
    	(For remove role)
    		rolename            		The name of the role
    
    	(For remove licenses)
    		hash                		hash of the license file to remove
    
    	(For remove licenser-pools)
    		name                		name of the pool to remove
    
    Optional Parameters:
    
    	(For remove cluster-master)
    		secret              		the secret/pass4SymmKey used for the master
    
    		site                		the site-id for the searchhead for this master
    
    	(For remove excess-buckets)
    		index               		index to remove excess-buckets
    
    	(For remove shcluster-member)
    		mgmt_uri            		If run on the captain, this is the management uri of the member to be removed.
    
    Examples:
    
    	'./splunk remove cluster-master https://127.0.0.1:8089 -secret testsecret'
    
    	'./splunk remove cluster-master -master_uri https://127.0.0.1:8089 -secret testsecret'
    
    	'./splunk remove excess-buckets'
    
    	'./splunk remove excess-buckets main'
    
    	'./splunk remove cluster-peers -peers GUID'
    
    	'./splunk remove cluster-peers -peers GUID1,GUID2,GUID3'
    
    	./splunk remove shcluster-member -mgmt_uri https://myserver:1234
    
    	./splunk remove app unix
    
    	./splunk remove licenses BM+S8VetLnQEb1F+5Gwx9rR4MGGG5E3gQgV4Y91AkIE=
    
    	./splunk remove licenses BM+S8VetLnQEb1F+5Gwx9rR4MGGG5E3gQgV4Y91AkIE=
    
    	./splunk remove licenser-pools foo
    
    Type "help [command]" to get help with parameters for a specific command.
    
    Complete documentation is available online at: http://docs.splunk.com/Documentation
    
