Rhize Product documentation
Deploy
Maintain
Archive the Audit trail

Archive the Audit trail

The audit trail can generate a high volume of data, so it is a good practice to periodically archive portions of it. An archive separates a portion of the data from the database and keeps it for long-term storage. This process involves the use of detaching QuestDB Partitions. Detached partitions can be added back in at a later date.

Archiving a partition improves query speed for current data, while providing a cost-effective way to store older data.

Prerequisites

Before you start, ensure you have the following:

  • A designated backup location, for example ~/rhize-archives/libre-audit.

  • Access to the Rhize Kubernetes Environment

  • Optional: kubectx utilities

    • kubectx to manage multiple clusters
    • kubens to switch between and configure namespaces easily

  • Optional: the k8 Lens IDE, if you prefer to use Kubernetes graphically

Also, before you start, confirm you are in the right context and namespace.

## context
kubectl config current-context
## namespace
kubectl get namespace

To change the namespace for all subsequent kubectl commands to libre, run this command:

kubectl config set-context --current --namespace=libre

Steps

To archive the Rhize Audit trail, follow these steps:

  1. Access QuestDB admin console by port forwarding 9000 on the QuestDB service. Start by Identifying QuestDB Service using

    $ kubectl get svc -n <namespace> | grep quest

  2. Forward the QuestDB console service port locally using

    $ kubectl port-forward service/<quest-service-name> 9000 -n <namespace>

  3. Using the browser open http://localhost:9000 to the QuestDB console

  4. Record the <PARTITION_NAME> of the partition you wish to detach and archive. This is based on the retention-period query for the names of the existing partitions. Execute the following query in the QuestDB console.

    SHOW PARTITIONS FROM audit_log;

    QuestDB Console Query - SHOW PARITIONS FROM audit_log;

  5. Detach the target partitions from the main table:

    ALTER TABLE audit_log
DETACH PARTITION WHERE time < '<TIMESTAMP i.e. 2025-12-31T23:59:59.99999Z>';

    QuestDB Console Query -`ALTER TABLE audit_log DETACH PARITION WHERE time < ā€˜2025-12-31T23:59:59.99999Zā€™

    On success, the command renames the partitions in /root/.questdb/db/audit_log*/<partition_name> to /root/.questdb/db/audit_log*/<partition_name>.detached.

  6. Move partitions out of QuestDB into cold storage:

    Identify the name of the partitions detached in the audit_log directory:

    $ kubectl exec -it questdb bash -c "ls /root/.questdb/db/audit_log*/*.detached -d -w 1"

    Example:

    $ kubectl exec -it questdb bash -c "ls /root/.questdb/db/audit_log*/*.detached -d -w 1"
/root/.questdb/db/audit_log~9/2025-12-15.detached
/root/.questdb/db/audit_log~9/2025-12-16.detached
...
/root/.questdb/db/audit_log~9/2025-12-31.detached

  7. For each partition copy it out of the pod:

    kubectl cp questdb:/root/.questdb/db/<audit log directory>/<detached partition>.detached

    Example:

    kubectl cp questdb:/root/.questdb/db/audit_log~9/2025-12-15.detached 2025-12-15.detached
Successfully copied 78.8kB to .\2025-12-15.detached

  8. Then the partition can be removed from QuestDB

    kubectl exec -it questdb rm -rf /root/.questdb/db/<audit log directory>/<detached partition>.detached

    Example:

    $ kubectl exec -it questdb bash -c "rm -rf /root/.questdb/db/audit_log~9/2025-12-15.detached"

    Repeat for any additional partitions.

Next Steps

BPMN execution recovery