Configuring data purge

Configure purge in one or both of the Data Archive page or the Data Export page. Although the purge configuration is on the same page, purge is enabled independently of Archive and Export.

About this task

Important: The Purge configuration is used by both Data Archive and Data Export. The Purge that is configured in the Data Archive page applies to archived data, and in the Data Export page to exported data.
The amount of data that can be stored on the appliance depends on many criteria, including appliance type, disk space, and policy. The data storage period must be adjusted to reflect the optimal balance between data accessibility and quick response time of the system process. Data purge configuration depends on the application and is highly variable, depending on business and auditing requirements.
  • The default value for purge is 60 days.
  • The purge schedule is not affected during an upgrade.
  • To purge many records (10 million or higher), a large batch size setting (500k to 1 million) is the most effective. Using a smaller batch size or NULL results in a much slower purge time for large purges. Smaller purges finish quickly. Specify a large batch size for large purges only. Set the purge size with the GuardAPI set_purge_batch_size.
  • When a unit type is changed from managed unit to standalone or vice versa, the default purge schedule is applied.
  • Purge does not delete records that are still “in use” (for example: open sessions).

Schedule purge on collectors, after the export or archive. Schedule purge on aggregators after the import.

Important: If purging is activated, and Allow purge without exporting or archiving checkbox is selected, and both Data export and Data Archive are run on the same day, then the first operation that runs probably purges any old data before the second operation's execution. When Data export and Data Archive are both configured, the purge age must be greater than the export age and the archive age. For example, data that is older than one day and younger than two days is archived; data that is older than seven days and younger than eight days is archived.
CAUTION:
There is no warning when you purge data that is not archived or exported by a previous operation.

The purge operation does not purge restored data whose age is within the Don't purge restored data for at least timeframe that is specified by a restore operation.

Procedure

  1. Check the Purge checkbox.
  2. Use the Purge data older than field to specify a starting day for the purge operation as a number of days, weeks, or months before the current day, which is day zero. All data from the specified day and all older days is purged, except as noted. The starting purge date must be greater than the Export data older than and Archive data older than values, if export or archive are configured.
  3. If the data is exported to a non-Guardium system, check Allow purge without exporting or archiving.
  4. Clear Allow purge without exporting or archiving to prevent purge from running before both export and archive are completed. If archive and export are both configured and this checkbox is selected, the purge process runs with the overall process, meaning it runs after the first of export or archive that completes its run. For example, archive is scheduled to run at 01:00 and export is scheduled to run at 03:00. Purge runs immediately after archive, and probably before the export, and therefore there won't be a file to export. If this checkbox is cleared, then purge runs after both archive and export are complete.

What to do next

Verify that the operation completed successfully. Go to Manage > Reports > Data Management > Aggregation/Archive Log. Each archive operation shows multiple activities. Check that the status of each activity is Succeeded.