Splunk Cloud Platform
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Cloud Dynamic Data: Active Archive

blakem
Explorer
‎11-26-2020 12:11 AM

I have a few questions about archiving in Splunk cloud. Specifically DDAA which needs to be purchased.

1. How long can data be archived?

I believe DDAA has a maximum of ten years?

2. How much data can be restored at a time?

I believe it's something like a maximum of two days worth at a time, and restored data will remain available for 30 days?

3. Is it possible to offboard from DDAA?

If we log a support ticket to have the data moved to an S3 bucket for example?

Thanks,
Blake

Labels (2)
0 Karma
Reply

blakem
Explorer
‎11-26-2020 12:29 AM

Some answers here - https://www.splunk.com/en_us/blog/platform/dynamic-data-data-retention-options-in-splunk-cloud.html

"When you restore data using DDAA, a copy is available in your Splunk Cloud instance for 30 days, after which it is deleted automatically. "

Question remains though, am I capped with how much I can restore at a time? I'm assuming if I have 10 years of archived data, I can't just restore the whole 10 years worth.

0 Karma
Reply

lznger88_2
Path Finder
‎07-14-2021 08:06 PM

Hey blakem,

Did you manage to find out if you could move data from DDAA to a self-storage location in AWS, GCP etc.?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...