The venerable old-skool Splunk forums are now closed. Feel free to search for old content here, but new posts are no longer supported.

Instead, please visit the thriving community at answers.splunk.com to ask and answer questions about your Splunk deployment and how to get the most out of it.

Forums: Posted by ias

Topics 1–1 of 1

Topic	Author	Replies	Latest Post
How to conform to a strict log-retention policy? In: SplunkAdministration (Not tagged) Thank you both for the continued help on this. However, none of the suggestions seem to be working in ... # du -h defaultdb/ 8.0K defaultdb/db/GlobalMetaData 8.0K defaultdb/db/hot_v1_0/rawdata/.compressedAddresses 110M defaultdb/db/hot_v1_0/rawdata 238M defaultdb/db/hot_v1_0 238M defaultdb/db 8.0K defaultdb/thaweddb 8.0K defaultdb/colddb 238M defaultdb/ Also, ... .. and yes I restarted Splunk. Yes, all data are in the main index. This configuration is not working - I can still see events older ... "Keep in mind that the newest event in any "bucket" must be older than the current time minus the frozen ... I have: {{frozenTimePeriodInSecs = 259200}} ... which is 3 days, however there are events (from ... My organization will soon enact a strict log-retention policy which states that no logs shall be stored ...	ias Posts	16	33 months ago...

Forums: Posted by ias

Description:

Permalink:

Splunk.com

Product:

Solutions:

Industries:

Partners:

About_us:

Support:

Services:

Resources:

Download