Data Retention
As of July 2020, the data retention policies for Sysdig Monitor and Sysdig Secure are as described below.
When a host or instance is no longer monitored, i.e. when an agent is uninstalled, the historical data continues to be retained for the stated times.
Note: If required, you can change the standard data retention settings by using Sysdig’s REST API. A Sysdig support team or professional services member should assist, as there are a variety of storage and timeline implications to consider before making such a change.
Sysdig Monitor Retention Limits
Metrics data | 10s : 4 hours 1min : 2 days 10 min : 2 weeks 1 hr: 3 months 1 day: 12 months |
Events | Alert events: 30 days Custom events: 14 days or 10M (per account) |
Sysdig Secure Retention Limits
Essentials | Enterprise | |
|---|---|---|
Policy events | 1M events or 90 days | same as Essentials |
Activity audit | 5 days | 90 days |
Benchmarks | 30 days | 90 days |
Scan results The image eviction conditions above are applied simultaneously; the retention policy will trigger for the first one that matches. | Image data is kept for a maximum of 7 days. Sysdig Secure will retain a maximum of 3 tags per repository and a maximum of 3 different images per tag * Images used by a container that is monitored by a Sysdig agent (Runtime images) will always be kept, regardless of the limits above. | Image data is kept for a maximum of 90 days. Sysdig Secure will retain a maximum of 5 tags per repository and a maximum of 5 different images per tag * Images used by a container that is monitored by a Sysdig agent (Runtime images) will always be kept, regardless of the limits above. |
Vuln Management Reports | 14 days | same as Essentials |
Captures | 90 days | same as Essentials |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.