Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a default retention period for an index residing in a thawed path and how is it applied?

splunker12er
Motivator
‎11-23-2014 01:22 AM

After I restore the archived data in thawed path and rebuild the index - Splunk recognizes the data.

What is the life-time of the data residing in the thawed path? Is there any default retention period for this?

By default splunk data rotation (hotdb->warmdb->colddb(deleted after 6 years))
Now, I place the buckets inside a thawed path and rebuilt it. How is that default policy is applied here?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎11-23-2014 04:07 AM

If the bucket was frozen due to age, retention would immediately re-freeze it. If it was frozen due to index size, that would also immediately re-freeze it.

As a result, thawed buckets are outside the scope of both retention time and size restrictions for that index, the Splunk admins handle these themselves.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...