Chronicle SIEM has a rolling retention based upon your license, e.g., if you have 18 months retention then you will have data back to July 2023 as of Jan 2025.  This is the first thing I would suggest you verify, what is your license retention period.

That said, other than changing your global retention, there is no way to selective purge data, hence you won't find such a setting in the Chronicle UX and GCP.  This is by design, as Chronicle SIEM acts as a system of record.

Thank you, Martin. I understand that Chronicle SIEM has rolling retention based on the license.

Could you please guide me on how to determine my current license retention period? I'd like to start my investigation there.

Thanks again for your assistance