Setting Elasticsearch Retention Threshold

Complete these steps to configure the Elasticsearch retention threshold:

  1. Go to ADMIN > Settings > Database > Archive Data.
  2. Select the low and high percentage thresholds under:
    1. Hot Threshold - When the Hot node cluster disk utilization falls below the Low value, events are moved to Warm nodes until the Hot node cluster disk utilization reaches the High value. If Warm nodes are not defined but Archive is defined, events are archived. If neither Warm nodes nor Archive is defined, events are purged.
    2. Warm Threshold - When the Warm node cluster disk utilization reaches the Low value:
      • If Archive is defined, events are archived until the Warm node cluster disk utilization reaches the High value.
      • If Archive is not defined, events are purged until the Warm node cluster disk utilization reaches the High value.
    3. Archive Threshold - Snapshots are archived. When the Archive Mount Point disk utilization reaches the Low value, snapshots are purged until disk utilization reaches the High value.
  3. Click Save.