Note: This article applies to Splunk Cloud only.
Indexes store the data sent to your Splunk Cloud deployment. You can create, update, delete, and view index properties, modify data retention settings for individual indexes, delete data from indexes, and optimize search performance by managing the number of indexes and the data sources stored in specific indexes. See manage Splunk Cloud indexes to learn best practices for indexes.
Storage is based on your subscription type. You can also purchase additional data retention capacity. For more information, see the following information in the Splunk Cloud Service Description:
If you need to store data beyond your retention allocation and have a Managed Splunk Cloud, you can augment Splunk Cloud with Dynamic Data Self Storage (DDSS) or Dynamic Data Active Archive (DDAA). DDSS is available by default to Splunk Cloud customers. DDAA is a low-cost option to move your data to a Splunk-maintained searchable archive.
Splunk Cloud places the data you send in indexes you self-manage from the Indexes page in Splunk Web. Splunk Cloud retains data based on index settings that enable you to specify when to delete data. Review the Splunk Cloud data policies before you configure data retention settings for different data sources. Data is not searchable after Splunk Cloud deletes it from the index. It's a best practice to store data in separate indexes to meet your audit and compliance requirements.
Things to know
If you've configured DDAA or DDSS, as data ages from searchable indexes, data automatically moves to the appropriate repository when the storage meets the retention setting for an index. The Splunk Cloud Monitoring (CMC) app is part of Splunk Cloud and is available to help you monitor Splunk Cloud deployment health. CMC indexing dashboards display details about your storage consumption, data stored, and number of days of retention for each index.
DDSS: Exports your oldest data to your AWS S3 or Google Cloud Platform (GCP) account before deleting it from the index. Review the requirements for Dynamic Data Self Storage to see how to export your aged, ingested data. Also see Dynamic Data: Self-Storage – Compliance, Cloud and Data Lifecycle.
DDAA: Stores expired Splunk Cloud data to a Splunk-managed archive. For details on the procedure to configure archive settings for indexes, see How Dynamic Data Active Archive works. Also see Dynamic Data: Data Retention Options in Splunk Cloud.
Things to do
- Compare managed Splunk Cloud to self-service Splunk cloud. Review the Splunk Cloud Service Details and see the FAQ for Splunk Cloud and Self-service Splunk Cloud FAQ.
- Create a Splunk Cloud index and manage data retention settings. Review how to manage Splunk Cloud indexes and create a cloud index and set up data retention.
- Learn more about the importance of data retention. Review Splunk Cloud service limits and constraints
- Learn about DDAA and DDSS storage entitlements. Review the Storage section in the Splunk Cloud Service description.