IDPS events older than 14 days are not purged which is why older data still shows up in the UI and API. 

4.1.1

IDPS events older than 14 days not purged for N-S traffic.

This is a known issue in 4.1 which has been resolved in 4.2. 


Workaround:

To clear the older IDPS data from the database.

1) Login as Root user on NSX-manager, exec the below 

- cd /opt/vmware/bin
- ./corfu_tool_runner.py -t ids_event_data -n security_data_service --port 9040 --diskPath /nonconfig/browser -o clearTable --diskBacked=true

2) As admin mode, restart idps-reporting across all 3 managers
 - restart service idps-reporting


Note: The above workaround will delete all IDPS events data.