Customer wants alerts data to be retained for a month online and complete data for 6 months offline, What is additional storage required for this?

Actually this depends on how many alerts are coming today and how much it is expected to increase over time. You can check the per day size of vunet-1-1-notification-xxxx.xx.xx indices for the last X days you are currently retaining and check the max size consumed on a day. Then you can try to use this kind of calculations

Max size consumed per day (Only primary shards) = 30MB

Add about 30% buffer =~ 50MB

Size Per Month you need on /data disks = 1.5 GB

In case you need replication (only if you have multiple analyzers), you need double the space (~3GB)

For offline archival space, Lets assume 20% month on month increase in alerts, Total size you need for 6 months is approx 9GB of space in any offline archive partition. Only primary shard space is considered for archives.

Hope this helps.

Related Articles
Data retention settings- 452
Solution Document Managing Data Retention Settings Overview General/Customer specific General Author Mantika Jadhav Reviewer Seema Approver Ravi Release date 19/07/2022 Product Version 8.5r5 Audience: CSG/TechWarriors/PAC/Platform/Product teams ...
Error in adding data enrichment entry 581
Solution Document Error in adding data enrichment entry Overview General/Customer specific General Author Niveditha Reviewer Seema Approver Sendil Release date 05/09/2022 Product Version 8.5r9 Audience: CSG/TechWarriors/PAC/Platform/Product teams ...
Ticket ID 1192 : Data Retention is not working
Solution Document [1192] Data Retention is not working Overview General/Customer specific General Author Yash Gawhad Reviewer NA Approver NA Release date 03/11/2023 Product Version 9.5r0 Audience: CSG/TechWarriors/PAC/Platform/Product teams What’s ...
Receiving Errors in logs while trying to use Evaluation Script for populating Additional field in Summary of Alert mail.Same is working perfectly fine for few alerts.
Refer Below Evaluation Script Used to populate Additional field from BMV to Summary of Alert Mail. def get_vumetric_value(metric_dict, vuMetricName, metricName): if not metric_dict: return None if vuMetricName not in metric_dict: return ...
Duplicate documents are reflecting for snmp data in ES - 536
Solution Document Duplicate documents in Elasticsearch Overview General/Customer specific General Author Rukmini Reviewer Aman,Siva Approver Release date 03/08/2022 Product Version 9.1r3 ...

Customer wants alerts data to be retained for a month online and complete data for 6 months offline, What is additional storage required for this?

Customer wants alerts data to be retained for a month online and complete data for 6 months offline, What is additional storage required for this?

Related Articles

Data retention settings- 452

Error in adding data enrichment entry 581

Ticket ID 1192 : Data Retention is not working

Receiving Errors in logs while trying to use Evaluation Script for populating Additional field in Summary of Alert mail.Same is working perfectly fine for few alerts.

Duplicate documents are reflecting for snmp data in ES - 536