I am working on a project in Splunk Cloud and one of the questions I wanted to iron out was how data is stored and refreshed in Splunk. The data I am analyzing is based on real-time and I am looking for active issues and how long they have been that way for. For example, if an issue has been recurring for three minutes (just an example, could be a longer or shorter time frame), then how long will the data stay in the system for? I apologize if this is vague, but I am trying to wrap my head around how this works.
When you send data to Splunk Cloud, it is stored in indexes. Two factors determine the data storage: the maximum size of the index and the maximum age of events in the index. The maximum size of the index is specified in GB on the index page.
I do have another question with regards to data storage. I did some research as to the quickest way to delete sets of data that you do not want to include, and here is the result I got: http://docs.splunk.com/Documentation/Splunk/6.4.1/Indexer/RemovedatafromSplunk#Remove_an_index_entir...
Is there a quicker and easier way to do this? I am just doing some trial and error work. Alternatively, can I just create an entirely new instance with the data I need?
By "testing environment" do you mean a free Splunk Cloud trial? If that's the situation, then there are no Support tickets. 🙂 You can always sign up for another trial if you want to experiment with a different setup.
Yes - my testing environment was my free trial, but it is Enterprise that is desktop based and not the Cloud. Do I need to create an entirely new account or can I piggyback off the account I already have? Thank you.
If you need to remove an index from Splunk Cloud, you have to file a support ticket. You can also just create a new index and use that, depending on the data volume you are paying for.