Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to increase logs retention period?

islam
Explorer
‎07-16-2020 08:53 AM

Hi,

we are asked to increase our retention period of splunk logs to 1 year.

we need to put our data to be searchable for 1 year.

i'm very confused about hot, warm and cold data, are all of them is searchable or cold data is not searchable?

how can we configure this retenion period?

 

Labels (2)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎07-16-2020 09:36 AM

Hi

I hope that this will clarify it. https://sideviewapps.com/apps/cisco-cdr-reporting-and-analytics/documentation/administrative-concept...
r. Ismo

 

0 Karma
Reply

islam
Explorer
‎07-18-2020 02:07 PM

Thank you so much, it's a very useful article.

also i have one question: the values of frozenTimePeriodInSecs and maxTotalDataSizeMB  should be put under every index or just one time at the beginning of indexes.cong file ?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎07-19-2020 03:40 AM

If those are same for all your indexes then you can put those on default stanza and if not then you should add those to the individual indexes. 

0 Karma
Reply

islam
Explorer
‎07-20-2020 01:56 AM

can i put specific period for hot and cold data, like hot data to be 6 months and cold data to be 6 moths also ?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎07-20-2020 02:27 AM

No, only cold period can defined as seconds. Hot/warm is defined by bucket count and/or size of homePath. 
r. Ismo

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...