Data Retention
As of July 2020, the data retention policies for Sysdig Monitor and Sysdig Secure are as described below.
When a host or instance is no longer monitored (i.e. when an agent is uninstalled), the historical data continues to be retained for the stated times.
If required, it is possible to change the standard data retention settings using Sysdig’s REST API. A Sysdig support team or professional services member should assist, as there are a variety of storage and timeline implications to consider before making such a change.
Sysdig Monitor Retention Limits
Essentials | Enterprise | |
|---|---|---|
Metrics data | 10s : 4 hours 1min : 1 week 10 min : 2 weeks 1 hr: 2 months 1 day: 15 months | same as Essentials |
Events | Alert events: 30 days Custom events: 14 days OR 10M (per customer) | same as Essentials |
Sysdig Secure Retention Limits
Essentials | Enterprise | |
|---|---|---|
Policy events | 1M events or 90 days | same as Essentials |
Activity audit | 5 days | 90 days |
Benchmarks | 30 days | 90 days |
Scan results | Image data is kept for a maximum of 7 days. Sysdig Secure will retain a maximum of 3 tags per repository and a maximum of 3 different images per tag * Images used by a container that is monitored by a Sysdig agent (Runtime images) will always be kept, regardless of the limits above. | Image data is kept for a maximum of 90 days. Sysdig Secure will retain a maximum of 5 tags per repository and a maximum of 5 different images per tag * Images used by a container that is monitored by a Sysdig agent (Runtime images) will always be kept, regardless of the limits above. |
* The image eviction conditions above are applied simultaneously; the retention policy will trigger for the first one that matches. For example, consider an Essentials account with a combination of |
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.