To create an events index:

1. Select Settings > Indexes.
2. Click New Index
3. In the Index name field, specify a unique name for the index. Index names can contain only lowercase letters, numbers, underscores, or hyphens. They must begin with a lowercase letter or number.
4. Set Index Data Type to Events.
5. In the Max raw data size field, specify the maximum amount of raw data allowed before data is removed from the index. Set this value to zero to specify an unlimited maximum raw data size. This is a data retention setting.
6. In the Searchable time (days) field, specify the number of days before an event is removed from an index. This is a data retention setting.
7. In the Dynamic Data Storage field, select Splunk Archive to send data to the Splunk Dynamic Data Active Archive, or choose Self Storage to move expired data to your own self-storage area. If you don't want to maintain expired Splunk data, leave No additional storage selected.
8. If you enabled data self storage, select a location for data self storage. Or, click Edit self storage locations to add a new self storage location. For more information about data self storage and instructions for configuring a data self storage location, see Manage your Indexes and Data in Splunk Cloud.
9. If you enabled Dynamic Data Active Archive, configure retention settings for the archive. For more information, see Archive expired Splunk Cloud Platform data.
10. Click Save.
11. Required step for Classic Experience customers: If this new index must be available to data collection apps on your IDM, contact Splunk Support and request they sync the index with your IDM. This ensures communication between the new index and any data collection apps running on the IDM. If you have a support contract, log in and file a new case using the Splunk Support Portal. Otherwise, contact Splunk Customer Support.

The events index appears after you refresh the page. Retention settings are applied to individual indexes, and data retention policy settings apply to all of the data that is stored in your Splunk Cloud deployment. Monitor and verify that the data retention settings for all indexes do not meet or exceed the values set in the data retention policy. For more information, see Data retention.