How to purge events from a specific vendor after a set period of time.

We are running into disk space issues on our OrionLog database. While we work through creating rules to reduce the amount of messages being stored, we would like to purge all messages from a specific vendor after a set number of days. Does anyone have any experience with SQL or SWQL in order to remove records from the Orion Log database?

We do not want to reduce the overall number of days for retention for all records.

  • So the log DB is structured very differently than most traditional databases. The whole thing is structured based on the timestamps when the data came in, and when a table gets big enough they cap it off and generate the next one as needed. So a query to filter by anything except timestamps is going to be tricky, and you are going to end up emptying a bunch of tables with random names, then having to shrink them to actually get any disk back.
