We have an Elastic Cloud instance which uses the default "cloud-snapshot-policy" for back-ups. We had a separate service running in GCP which manages data retention; it was misconfigured and trimmed 9 months of data which was supposed to be kept.
When we went to use the restore option in Kibana we noticed that back-ups are only kept for ~72hrs, meaning we have lost that data forever.
Our concern with this default is that if something goes wrong Friday evening and it doesn't get picked up until Tuesday (say it's a bank holiday weekend), it will be too late.
Under Stack Management > Data > Snapshot and Restore > Policies, I attempted to edit the "cloud-snapshot-policy" and change the back-up cron schedule to every hour (`0 0 */1 * * ?`) and, under retention, change the "Delete After" to 3 days and max. count to 200. As I do so, I get the following warning:
(!) This is a managed policy. Changing this policy might affect other systems that use it. Proceed with caution.
As I understand it, this policy is therefore managed by the Elastic Cloud infrastructure and I shouldn't change it? Given the aforementioned logic, how do we satisfy our risk in losing data? Additionally, does anyone have any experience in running Elastic Cloud with a much longer data retention period? Anything we should know/consider?
Thanks in advance.
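
The bank-holiday scenario and the retention settings from the post, checked with a simplified model of snapshot retention. This is an added example, not part of the original post: the function names, the dates and the 30-day comparison value are constructed for illustration, and the model assumes a snapshot is taken at every interval with no failures.

```python
from datetime import datetime, timedelta

def retained_snapshots(now, interval, expire_after, max_count, min_count=0):
    """Simplified retention model (an assumption, not Elastic's code):
    one snapshot per `interval` ending at `now`; snapshots older than
    `expire_after` are dropped unless they are among the newest `min_count`;
    then only the newest `max_count` are kept. Returns newest first."""
    count = max(int(expire_after / interval) + 1, min_count)
    snaps = [now - interval * i for i in range(count)]
    kept = [s for i, s in enumerate(snaps)
            if now - s <= expire_after or i < min_count]
    return kept[:max_count]

def restore_window(now, interval, expire_after, max_count):
    """How far back the oldest retained snapshot reaches."""
    kept = retained_snapshots(now, interval, expire_after, max_count)
    return now - kept[-1]

def recoverable(incident, detected, interval, expire_after, max_count):
    """True if a snapshot taken before the incident still exists
    at the moment the problem is detected."""
    kept = retained_snapshots(detected, interval, expire_after, max_count)
    return any(s < incident for s in kept)

# Constructed timeline: data trimmed Friday 18:00, noticed Tuesday 09:00
# after a bank holiday Monday (87 hours later).
INCIDENT = datetime(2024, 5, 3, 18, 0)
DETECTED = datetime(2024, 5, 7, 9, 0)
HOURLY = timedelta(hours=1)

def scenarios():
    """Evaluate the settings from the post and a constructed longer expiry."""
    return {
        # Hourly, delete after 3 days, max count 200 (values from the post).
        "3d_max200": recoverable(INCIDENT, DETECTED, HOURLY,
                                 timedelta(days=3), 200),
        # Hourly, delete after 30 days (constructed value), max count 200:
        # max count now caps the window at 199 hours, not 30 days.
        "30d_max200": recoverable(INCIDENT, DETECTED, HOURLY,
                                  timedelta(days=30), 200),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(name, "recoverable" if ok else "NOT recoverable")
    print("window with 30d/200:",
          restore_window(DETECTED, HOURLY, timedelta(days=30), 200))
```

The effective restore window is the smaller of the expiry time and the interval multiplied by the max count, so both settings have to be sized against the longest plausible detection delay.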