NTM database maintenance

Greetings all,

Just completed our upgrade of NTM from 3.0 to 3.2. My only issue is that it took 18 hours to complete. This got me thinking that our settings for database maintenance might not be ideal. I would very much like to see what others are using for retention and how that’s working for them. My thought is that lowering some of our times might decrease the size of the database and make the future upgrade process quicker. I’m also thinking this same logic will apply when we do our upgrade from PostgreSQL 14 to 18. Let me know what everyone’s using, very interested to see any responses.

Thanks all!

Hey Art,

Our recommendation is to leverage NTP's SQL database for longer-term storage and keep NTM to a tighter retention period (it is 7 days by default for events not associated with threats). Your assumption is correct: lowering the retention periods will only help with future upgrades/updates that require some form of database migration.

In the instance of your 3.2 upgrade to the latest PG14, an event migration was performed to prepare for the eventual upgrade to PG18; this would have been directly impacted by the number of events being stored in the PGSQL database.