I recently completed the Splunk Cloud Admin course and it made mention that a Hybrid Search Head could be set up on-prem to read data across on-prem and cloud.
I have also read about this here and all seems fine:
Splunk Cloud Platform Service Details
But now I have just listened to this video “Apps for Splunk Cloud - Premium Apps” here
Then go into the course, play the THIRD video and listen from 3:10 to 3:25; it says that the use of a Hybrid search is only for up to 90 days.
Perhaps that video is out of date or perhaps I am misunderstanding.
Does anyone know about this 90-day limit? We have several customers moving to the cloud and several want Hybrid search as an option.
I don't think that's the reason. They do go on to say that hybrid search imposes performance issues, especially over time if the cloud gets upgraded and the on-prem doesn't. Hopefully we will find out more, as hybrid seems a good solution for the rare time when a longer search is required.
It may be said because of the default 90-day storage sizing.
"Ingest-based subscriptions include sufficient storage to allow you to store up to 90 days of your uncompressed data."