Retention Update Per Repository

Determine when the retention settings were updated for a single repository

Query

[Query flow diagram: Events → Filter → Result Set]

```logscale
type = "dataspace.retention" repoName=<REPO_NAME>
```

Introduction

A retention policy can retain content without deleting it, retain it and then delete it after a specified period of time, or delete it after a specified period of time. The audit log event type dataspace.retention records data retention operations. This query uses that audit log type to determine when retention was updated for a repository.

Example incoming data might look like this:

| @timestamp | type | repoName |
|---|---|---|
| 2024-09-24T10:15:00.000Z | dataspace.retention | prod-logs |
| 2024-09-24T10:15:00.000Z | dataspace.retention | test-logs |
| 2024-09-24T14:30:00.000Z | dataspace.retention | prod-logs |
| 2024-09-24T15:45:00.000Z | dataspace.retention | dev-logs |
| 2024-09-24T16:20:00.000Z | dataspace.access | prod-logs |
| 2024-09-24T17:00:00.000Z | dataspace.retention | prod-logs |
| 2024-09-24T17:30:00.000Z | dataspace.config | prod-logs |
| 2024-09-24T18:15:00.000Z | dataspace.retention | staging-logs |

Step-by-Step

  1. Starting with the source repository events.

  2. [Query flow diagram: Events → Filter (highlighted) → Result Set]

    ```logscale
    type = "dataspace.retention" repoName=<REPO_NAME>
    ```

    Filters for the audit log type dataspace.retention in a given repository (where REPO_NAME would be replaced with an actual repository name).

  3. Event Result set.

Summary and Results

The query is used to determine when retention settings were last updated for a repository. Data retention is useful as it focuses on preserving data during a specific period of time in order to meet particular business or legal requirements.

Sample output when filtering with repoName="prod-logs":

| type | repoName |
|---|---|
| dataspace.retention | prod-logs |
| dataspace.retention | prod-logs |
| dataspace.retention | prod-logs |
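
The filter returns every retention event for the repository. To reduce that to the time of the most recent update, the matching events can be aggregated. The following is an added example, not part of the original page; the output field names updates and lastUpdate are chosen here for illustration, and prod-logs is the repository from the sample data.

```logscale
// Keep only retention audit events for one repository
type = "dataspace.retention" repoName = "prod-logs"
// One row per repository: number of retention updates and the newest event time
| groupBy(repoName, function=[count(as=updates), max(@timestamp, as=lastUpdate)])
// @timestamp is epoch milliseconds; render the newest one as a UTC date and time
| lastUpdate := formatTime("%Y-%m-%d %H:%M:%S", field=lastUpdate, timezone=Z)
```

Against the sample events above, this yields a single row for prod-logs with three updates, the latest at 17:00 UTC on 2024-09-24.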