Data Retention
- 20 Apr 2023
- 3 Minutes to read
- Print
- DarkLight
- PDF
Data Retention
- Updated on 20 Apr 2023
- 3 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Time-Series Data
Netreo stores the time-series data (the sort of data you would typically see displayed in a graph) that it collects from managed devices in individual database files.
The first time a managed device is polled, Netreo's data polling engine creates a new database file for each statistic being collected. The structure of this file is such that it does not grow in storage size as new data is added. Instead, it "rolls up" older data into averages of itself, freeing up space for the newer, more granular data values. As a result, Netreo can retain data for three (3) years. However, as you look farther back in time, the data becomes less granular and more averaged.
Data that has reached its retention time limit (see tables below) is no longer rolled-up and is simply overwritten with the most recent value. This ensures that Netreo's data footprint does not grow unless you add more managed devices (thus more database files).
Peaks and AveragesPeak data values are rolled-up and stored separately from averaged data values using a MAX function. This prevents historical peaks from being blunted over time through averaging. Both peak and average data values are retained according to the same schedule.
By default, Netreo retains data for the following periods:
General Time-series (Statistic) Data
| Data Granularity | Retention Period |
|---|---|
| 1-minute | 7 days |
| 5-minute | 100 days (just over a single quarter) |
| 30-minute | 196 days (just over 6 months) |
| 4-hour | 3 years |
Per-process Time-series (Statistic) Data
(CPU per process, memory usage per process)
| Data Granularity | Retention Period |
|---|---|
| 5-minute | 9 days |
| 30-minute | 35 days |
| 4-hour | 365 days |
When displaying time-series data in graphs, Netreo always shows the most granular data (shortest collection period) available that covers the entire time period of the graph. Therefore a report runs in Netreo with a start date of 120 days ago will show data from the 30-minute average (the most granular for that time period). Zooming into that graph will show the most granular data available for the zoomed time period, allowing you to quickly get to the most granular data level available.
Keep in mind that even a graph zoomed-in to maximum will only display data as granular as is available for that historical period. To zoom in to 1-minute data, a graph must only be displaying data that is less than 7 days old. If any data points older than that are included on the graph, it will revert to 5-minute data. To zoom in to 5-minute data, a graph must only be displaying data that is less than 100 days old. To zoom in to 30-minute data, a graph must only be displaying data that is less than 196 days old. And so on.
Log-Style Data
| Data type | Retention |
|---|---|
| Alert, Notification, Incident | 3 million records for EACH type |
| Syslog, Event Log, SNMP Trap | 3 million records TOTAL |
| Device configuration | Unlimited time for the 2 most recent configurations for each device 3 years for older configurations |
For historical-log-type data (such as Syslog, alert history, audit logs, detailed call records, and the like) Netreo will store the last 3 million records, regardless of date. Each log type is handled independently, so Netreo stores 3 million of each type (except SNMP trap and Syslog—which are stored together). In most environments, this provides several years of log history. However, in very high-traffic environments, it may be less. Netreo stores time-series data for log monitoring as indicated in the time-series data section above.
Traffic Flow Data
Traffic flow data is accounting type data on specific IP connections. This type of data is provided by technologies such as NetFlow, sFlow, and IPFIX.
Netreo stores this data in two ways:
| Data type | Retention Period |
|---|---|
| 1-minute flow logs (individual connection data) | 6 hours |
| Hour conversation summaries | 7 days |
The detailed 1-minute flow logs, which are stored for 6 hours include specific information on individual TCP connections between devices. Also, time-series flow data (overall volume per application per interface) is stored as indicated in the time-series data section above.
Please contact Netreo support to discuss your requirements if you need additional flow log storage. Some environments may require additional hard disk capacity to accommodate larger flow archives.
Was this article helpful?