How to delete KV Store data older than 30 days?

AditiKulkarni · ‎10-27-2015

In our application, there is a requirement where we have to retain data in KV Store for a month (i.e. 30 days) and delete data that is older than 30 days. Is there any way/configuration where we can delete the KV Store data older than 30 days? I don't want to use scheduled search for this.

Could anyone give suggestion?

tfechner · ‎09-03-2018

Any new possibility in 7.1 to remove old entries in a timebased kvstore?

masonmorales · ‎05-19-2016

Do you store any kind of timestamp in your KV store? If so, what is it called and please give an example of its value.

masonmorales · ‎05-19-2016

Also, you WILL have to use a scheduled search for this, but you only need to run it once/day. Just out of curiosity, why wouldn't you want to?

Jason · ‎05-19-2016

As far as I know, there is no method for deleting individual records from the KV store using their keys, from the search bar, or automatically from a configuration somewhere.

You could use the inputlookup and outputlookup (without append=t) commands to bring in the entirety of the collection, search through it to keep what you want (likely some sort of where on a time field), and output it back to the kv store.

Deletion is currently handled through hitting a REST endpoint with a DELETE method. Example in the UI using the Javascript SDK.

How to delete KV Store data older than 30 days?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!