Hi @Yan.Solomon ,

Thank you for posting to the community.

Event Service is using Elasticsearch, and each snapshot is independent and restorable to that point in time, so you can delete old unnecessary snapshots even though it is incremental.
You can use the Elasticsearch API calls to delete the snapshots and indices backup files under indices folder.

Please see the document below for Elasticsearch API.
https://www.elastic.co/guide/en/elasticsearch/reference/2.4/modules-snapshots.html

1. All snapshots currently stored in the repository can be listed using the following command:
curl -X GET "localhost:9200/_snapshot/<my_backup>/_all?pretty"
Replace <my_backup> with your snapshot repository name.
or
<appd_home>/events-service/processor/bin/events-service.sh snapshot-list -p <appd_home>/events-service/processor/conf/events-service-api-store.properties

Snapshot repository name can be found by the following command:
curl -X GET "localhost:9200/_snapshot?pretty"

*If the repository name contains a slash, you may not be able to list snapshots with curl command. In that case, please add a new repository with a simple name having same setting so that you can use the simple name instead.
curl -X PUT "localhost:9200/_snapshot/<simple_repository_name>" -d '<same_setting_with_existing_one>'

2. A snapshot can be deleted from the repository using the following command:
curl -X DELETE "localhost:9200/_snapshot/<my_backup>/<snapshot_id>?pretty"

Above command also deletes all files that are associated with the deleted snapshot and not used by any other snapshots.

If you needs to keep only the last 7 days of backup data, you may just keep 7 days of snapshots.

Note that you need to enable port 9200(Events Service debugging port) as written in the knowledge base below.
https://community.appdynamics.com/t5/Knowledge-Base/How-do-I-enable-the-Events-Service-debugging-por...

Best Regards,
Hiroki