I've ingested some private information into my Sumo Logic account by mistake and I want to remove it so that search results don't show this data. Is that possible?
All data sent to Sumo Logic is indexed together within a defined partition or within a general partition. To help maintain compliance the indexes created for these partitions are then stored in a Write Once Read Many (WORM) storage, which cannot be modified after creation.
You may request data be deleted from your account, however, this deletion will cover ALL data delivered into the account within a specified partition and for a specified time range. As of now, it is not possible to delete only specific messages sent into Sumo Logic.
Any request for data deletion will need to be sent to Sumo Logic Support via your account administrator. In order to ensure the fastest processing of your request please include the following information when making a request for data deletion.
- The name of the partition containing the data to be removed.
- The time range, along with timezone, that returns this data in a search. This time range should be based on the receipt time of the message. To confirm the time range you may use the "Use Receipt Time" option found under the time range selection of your search.
- Please CC an additional administrator on your support request as a secondary verification contact.
An alternative for deleting the data from the account would be to create Role filters that will hide the unwanted data so it is not searchable by users within the account. To do this one can apply a role filter matching this data to the user roles for whom the unwanted data should not be visible.