As bucket has moved to frozen when all events in this bucket has older than frozenTimePeriodInSecs, this usually means that you have some older event in those buckets. Otherwise those have already frozen and removed. Maybe you have just added this data source and/or someone has added there (e.g. restored from backups) some older files which match your collecting criterias.
Basically you just waiting that those all events in those buckets have older than 35 days and then those will deleted.
maxHotSpanSecs = <positive integer>
* Upper bound of timespan of hot/warm buckets, in seconds.
* This is an advanced setting that should be set
with care and understanding of the characteristics of your data.
* Splunkd applies this limit per ingestion pipeline. For more
information about multiple ingestion pipelines, see
'parallelIngestionPipelines' in the server.conf.spec file.
* With N parallel ingestion pipelines, each ingestion pipeline writes to
and manages its own set of hot buckets, without taking into account the state
of hot buckets managed by other ingestion pipelines. Each ingestion pipeline
independently applies this setting only to its own set of hot buckets.
* If you set 'maxHotBuckets' to 1, splunkd attempts to send all
events to the single hot bucket and does not enforce 'maxHotSpanSeconds'.
* If you set this setting to less than 3600, it will be automatically
reset to 3600.
* NOTE: If you set this setting to too small a value, splunkd can generate
a very large number of hot and warm buckets within a short period of time.
* The highest legal value is 4294967295.
* NOTE: the bucket timespan snapping behavior is removed from this setting.
See the 6.5 spec file for details of this behavior.
* Default: 7776000 (90 days)