How to delete KV Store data older than 30 days?

AditiKulkarni · ‎10-27-2015

In our application, there is a requirement where we have to retain data in KV Store for a month (i.e. 30 days) and delete data that is older than 30 days. Is there any way/configuration where we can delete the KV Store data older than 30 days? I don't want to use scheduled search for this.

Could anyone give suggestion?

tfechner · ‎09-03-2018

Any new possibility in 7.1 to remove old entries in a timebased kvstore?

masonmorales · ‎05-19-2016

Do you store any kind of timestamp in your KV store? If so, what is it called and please give an example of its value.

masonmorales · ‎05-19-2016

Also, you WILL have to use a scheduled search for this, but you only need to run it once/day. Just out of curiosity, why wouldn't you want to?

Jason · ‎05-19-2016

As far as I know, there is no method for deleting individual records from the KV store using their keys, from the search bar, or automatically from a configuration somewhere.

You could use the inputlookup and outputlookup (without append=t) commands to bring in the entirety of the collection, search through it to keep what you want (likely some sort of where on a time field), and output it back to the kv store.

Deletion is currently handled through hitting a REST endpoint with a DELETE method. Example in the UI using the Javascript SDK.

How to delete KV Store data older than 30 days?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases