Splunk Cloud

Splunk Cloud User Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Splunk Cloud data policies

Splunk Cloud administers your data according to the policies described below.

Data retention

When you send data to Splunk Cloud, it is stored in indexes. Splunk Cloud retains data based on index settings that enable you to specify when data is to be deleted or moved to self storage. To configure different data retention settings for different sources of data, store the data in separate indexes according to the desired retention policy.

You can configure the number of days for data to be searchable by configuring the Searchable time (days) setting for an individual index.

To do this, go to Settings > Indexes, and select the index for which you want to change retention settings. Under Actions, select Edit to open settings for the index. In the Searchable time (days) field, enter the number of days you would like the data to be searchable, and click Save

Index data is stored in directories called buckets. Data is deleted by deleting entire buckets, not individual events. When the maximum age or size of the Index is reached, buckets are deleted or moved starting with the oldest buckets first. Buckets are removed until the index no longer exceeds the configured limit. If you use data self storage or archiving, buckets are not deleted until the data is successfully moved to your self storage or archive location.

Data retention is based on your subscription type, which is either a workload-based or ingest-based subscription. For more details about data retention policies, see the Storage section of the Splunk Cloud Service Description.

Data ingestion and daily license usage

Splunk Cloud administers your data based on your subscription type. For more information, see Data policies in the "Subscription types" section of the Splunk Cloud Platform Service Description.

Backup policy

Splunk Cloud continuously maintains and monitors your deployment. For more information, see the "Ensures Splunk Cloud Platform uptime and security" section of Splunk maintenance responsibilities in the Splunk Cloud Platform Service Description.

Last modified on 12 April, 2021
PREVIOUS
Overview of Splunk Cloud administration
  NEXT
Monitor Splunk Cloud deployment health

This documentation applies to the following versions of Splunk Cloud: 8.1.2101, 8.1.2103


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters