I'm going to do it anyway... From our documentation:

I ran out of disk space so I changed the archive policy, but it's still not working
If you changed your archive policy to be more restrictive because you've run out of disk space, you may notice that events haven't started being archived according to your new policy. This is most likely because you must first free up some space so the process has room to run. Stop the indexer, clear out ~5GB of disk space, and then start the indexer again. After a while (exactly how long depends on how much data there is to process) you should see INFO entries about BucketMover in splunkd.log showing that buckets are being archived.

Consider using btool to verify that the setting that you changed is the one actually being used.

Hey @gsypsomos, The buckets don't roll until the last record of each bucket reaches the time specified, so that might be your issue (RE: That setting is supposed to remove anything over 1.25 years old in my data.). As for eliminating the warm bucket and frozen bucket -- you can change your configuration files on those, but I believe the rule of thumb is to definitely use the warm bucket because the search will check the time range on each bucket to see if it should search for results inside of the bucket and can skip the entire bucket if it does not fit that range. This wiki has some more info: https://wiki.splunk.com/Deploy:BucketRotationAndRetention

frozenTimePeriodInSecs only applies to cold data, not hot data. You'll want to check out maxHotSpanSecs, maxWarmDBCount, maxHotBuckets, maxHotIdleSecs, et al to control hot/warm buckets.