Currently we are running Splunk server 4.2.3 on a RHEL 5.7 machine and we have set the retirement policy to delete the events which are older than 365 days(31536000 seconds). But when i check the main index for earliest events its giving me earliest event as Nov 5, 2006 3:10:54 PM. My index.conf looks like this-

[default]
maxConcurrentOptimizes = 20
memPoolMB = auto
maxDataSize = auto
defaultDatabase = main
frozenTimePeriodInSecs = 31536000
maxTotalDataSizeMB = 1000000

[main]
maxMemMB = 4096
maxConcurrentOptimizes = 15
maxHotIdleSecs = 1209600
maxDataSize = auto_high_volume
coldPath = /data01/splunk_data/defaultdb/colddb
maxWarmDBCount = 350

[_blocksignature]
homePath = $SPLUNK_DB/blockSignature/db
coldPath = $SPLUNK_DB/blockSignature/colddb
thawedPath = $SPLUNK_DB/blockSignature/thaweddb
maxDataSize = 1000
maxTotalDataSizeMB = 0

[os]
thawedPath = $SPLUNK_DB/os/thaweddb
homePath = $SPLUNK_DB/os/db
coldPath = $SPLUNK_DB/os/colddb
maxHotIdleSecs = 1209600
maxDataSize = auto_high_volume
maxMemMB = 2048