How does Splunk Cloud handle frozen data and format logs?

christiang
New Member

Hi, I am evaluating Splunk Cloud and I have two questions whose answers I could not find on the web:

  1. How does Splunk Cloud handle frozen data? Does it delete it automatically? Can I download it and store it on-premise?
  2. If I don't want Splunk Cloud anymore, can I get back my logs? In case I can, in which format will the logs be? Splunk's or raw?

Thanks in advance.
Regards,
Christian

esix_splunk
Splunk Employee

For the following:

1) Splunk Cloud doesn't freeze data to external storage; it deletes it. You can manually export it via the GUI.

2) If you cancel your contract, you can work with your account manager for different export options. Typically export is in raw format.

Hope that helps.

atricarico_splu
Splunk Employee

I thought I would update the answer to this post since Splunk now has new capabilities and features available for archiving data indexed in Splunk Cloud.

Splunk Cloud now provides a subscription-based method to archive data from Splunk Cloud indexes to storage managed by Splunk. This option is called Dynamic Data: Active Archive (DDAA).
DDAA is a managed offering and allows for data to be re-indexed back into Splunk Cloud should there be a need to thaw the data.

Splunk Cloud also provides a method for customers to archive data from Splunk Cloud indexes to AWS S3 storage paid for and managed independently by the customer. This option is called Dynamic Data: Self-Storage (DDSS).
With DDSS if a customer wants to make the archived data searchable, they will need to spin up their own separate instance of Splunk Enterprise to thaw the data.

See the following articles:

Dynamic Data: Data Retention Options in Splunk Cloud
https://www.splunk.com/blog/2018/10/11/dynamic-data-data-retention-options-in-splunk-cloud.html

Dynamic Data: Self-Storage - Compliance, Cloud and Data Lifecycle
https://www.splunk.com/blog/2018/04/24/dynamic-data-self-storage-compliance-cloud-and-data-lifecycle...
I thought I would update the response to this question, since Splunk Cloud now has greater functionality and flexibility with regard to archiving data.

There is a subscription-based offering to archive data in Splunk Cloud to S3 storage managed by Splunk.
This option is called Dynamic Data: Active Archive (DDAA).
DDAA allows data to be restored to Splunk Cloud from the archive storage.

There is also an option for customers to utilize their own S3 storage to export and store archived data outside of Splunk Cloud.
This option is called Dynamic Data: Self-Storage (DDSS).
DDSS requires that customers spin up their own Splunk instance to thaw the data should they need to make it searchable.

See the following articles:

Dynamic Data: Data Retention Options in Splunk Cloud
https://www.splunk.com/blog/2018/10/11/dynamic-data-data-retention-options-in-splunk-cloud.html

Dynamic Data: Self-Storage - Compliance, Cloud and Data Lifecycle
https://www.splunk.com/blog/2018/04/24/dynamic-data-self-storage-compliance-cloud-and-data-lifecycle...

christiang
New Member

Thanks a lot!
