Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

What is multisite cluster retention policy?

hiph151
Explorer
‎03-18-2019 07:44 AM

Hi there,

A question regarding the retention policy approach in a clustered multi site-cluster two sites with each 3 indexers (replication factor 2+1).

We are planning a retention policy over 120 days and I feel the indexer's attitude towards cold to frozen is still somewhat unclear. Is that true that the cluster master handles the backup handling (coldToFrozen) and thus not every indexer pushes the cold buckets too frozen, otherwise we would have a huge storage space requirement.

https://answers.splunk.com/answers/241066/how-is-bucket-deletion-due-to-retention-managed-in.html

Many thanks!

0 Karma
Reply

nickhills
Ultra Champion
‎03-18-2019 09:35 AM

Each indexer manages its own cycling from cold->frozen (and indeed hot->warm->cold)
The default behaviour of which (if left unconfigured) is to delete the data once frozen.

It is true to say, the CM maintains the process on behalf of the cluster (ie marking buckets as frozen) but each indexer is responsible for removing (or freezing) its own copy of the data

If my comment helps, please give it a thumbs up!
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

New: Search and Personalization just got a major upgrade!

Hello Splunkers,  We’re excited to share two big upgrades coming to community.splunk.com today. These changes ...

Tech Talk | AI-Powered Data Management

  Now On-Demand   Join our Splunk experts for an exclusive Tech Talk as we explore the Cisco Data Fabric ...

GA: Detection Studio and Exposure Analytics in Enterprise Security (ES) 8.5

In this latest release of Enterprise Security (ES), we are excited to announce that  Detection ...