How to purge unnecessary data from Google Chronicle SIEM in 2023? I have access to both Chronicle and Google Cloud consoles but can't find the data ingestion management section
Purge unnecessary data from Google Chronicle SIEM year 2023
+1
+11Chronicle SIEM has a rolling retention based upon your license, e.g., if you have 18 months retention then you will have data back to July 2023 as of Jan 2025. This is the first thing I would suggest you verify, what is your license retention period.
That said, other than changing your global retention, there is no way to selective purge data, hence you won't find such a setting in the Chronicle UX and GCP. This is by design, as Chronicle SIEM acts as a system of record.
+1Thank you, Martin. I understand that Chronicle SIEM has rolling retention based on the license.
Could you please guide me on how to determine my current license retention period? I'd like to start my investigation there.
Thanks again for your assistance
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.