Hello guys,
I built this query. Do you think it's reliable to check which index should be increased for home/cold sizes?
| tstats latest(_time) as latest,earliest(_time) as earliest WHERE index=* by index host source
| eval lasttime=strftime(latest, "%Y-%m-%d")
| eval firstevent=strftime(earliest, "%Y-%m-%d")
| eval stoday=strftime(now(),"%Y-%m-%d")
| eval months_ago=(now()-15552000)
| eval diff=months_ago-earliest
| eval resultat=if(match(diff,"-"),"- 6 mois","+ 6 mois")
| sort index,host,source,firstevent
| fields - latest lasttime stoday months_ago earliest diff
Thanks.