The data in Splunk is now subject to auditing and compliance controls. A customer would like to ensure that at least one year of logs are retained for both
Windows and Firewall events. What data retention controls must be configured?
To ensure that at least one year of logs are retained for Windows and Firewall events in Splunk, the data retention controls that must be configured are 'maxTotalDataSizeMB' and 'frozenTimePeriodInSecs'. The 'maxTotalDataSizeMB' parameter limits the total size of data that can be stored, while the 'frozenTimePeriodInSecs' parameter defines the time for which the data is retained before it is frozen. Together, these settings manage both the size and time-based retention policies necessary for complying with auditing and compliance controls.
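A check for the two settings named above, written as an added example (not part of the original question or answer). Splunk freezes buckets when either limit is reached first, so the script flags an index whose size cap would fill before the year is up as well as one whose time limit is too short. The index names `windows` and `firewall`, the sample values, the per-day on-disk volumes and the single-indexer setup are assumptions.

```python
import configparser

YEAR_SECS = 365 * 24 * 3600  # 31,536,000 seconds
# Splunk's documented defaults, used when neither the stanza nor [default] sets a value.
DEFAULTS = {"frozenTimePeriodInSecs": 188697600, "maxTotalDataSizeMB": 500000}

# Constructed sample indexes.conf; index names and values are assumptions.
SAMPLE_CONF = """
[windows]
homePath = $SPLUNK_DB/windows/db
frozenTimePeriodInSecs = 31536000
maxTotalDataSizeMB = 200000

[firewall]
homePath = $SPLUNK_DB/firewall/db
frozenTimePeriodInSecs = 7776000
maxTotalDataSizeMB = 1000000
"""

def audit_retention(conf_text, disk_mb_per_day, min_secs=YEAR_SECS):
    """Return {index: [problems]} for each index listed in disk_mb_per_day."""
    # Treat [default] as the global stanza that other stanzas inherit from.
    cp = configparser.ConfigParser(default_section="default", interpolation=None)
    cp.optionxform = str  # setting names are case-sensitive
    cp.read_string(conf_text)
    findings = {}
    for index, mb_day in disk_mb_per_day.items():
        if not cp.has_section(index):
            findings[index] = ["no stanza in indexes.conf"]
            continue
        frozen = cp.getint(index, "frozenTimePeriodInSecs",
                           fallback=DEFAULTS["frozenTimePeriodInSecs"])
        max_mb = cp.getint(index, "maxTotalDataSizeMB",
                           fallback=DEFAULTS["maxTotalDataSizeMB"])
        problems = []
        if frozen < min_secs:
            problems.append(f"time limit freezes data after {frozen // 86400} days")
        days_by_size = max_mb / mb_day  # days of data the size cap can hold
        if days_by_size * 86400 < min_secs:
            problems.append(f"size cap holds only ~{int(days_by_size)} days")
        findings[index] = problems
    return findings

if __name__ == "__main__":
    # Assumed on-disk growth per day, in MB, for each index.
    for name, issues in audit_retention(SAMPLE_CONF, {"windows": 800, "firewall": 2000}).items():
        print(name, "OK" if not issues else issues)
```
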
A is the one
I would say A, Splunk volume is nothing specific
'e' is missing in "maxTotalDataSizMB"
A is correct.
A, the rest of the configuration doesn't make sense