
Data getting rollover to Frozen bucket irrespective of frozenTimePeriodInSecs set to 365 days (31536000 secs) for the index

Hi All,

Need your help in understanding the reason behind the below behavior. The data in my Index A is getting rolled over to the Frozen bucket irrespective of the frozenTimePeriodInSecs set to 365 days. Here is my index configuration in indexes.conf.

```
[A]
homePath = volume:primary/A/db
coldPath = volume:primary/A/colddb
thawedPath = $SPLUNK_DB/A/thaweddb
coldToFrozenDir = /data/splunk/Splunk_Frozen_Data/ABC_APP/A/frozen
frozenTimePeriodInSecs = 31536000
```

I could see data available (searchable) ONLY for the last 30 days in the system. I verified the 'coldToFrozenDir' path and found the rolled over buckets.

I followed the below Splunk Answer to figure out the reason behind the rollover, so that I can go and fix the problem.

https://answers.splunk.com/answers/117988/halp-my-data-is-being-rolled-to-frozen-and-i-dont-know-why.html

In the result, I didn't find data related to Index A. It had results for every other index which was configured to roll over at a specified time interval.

Also, the result from the below search query confirmed that data moved from the cold bucket to the frozen bucket:

```
index=_internal sourcetype=splunkd bucketmover freeze "*A*"
```

```
INFO BucketMover - AsyncFreezer freeze succeeded for bkt='/data/splunk/var/lib/splunk/A/colddb/db_1492192312_1491334289_19'
```

I want to know what triggered the data to move from cold to frozen, when I set the index configuration not to roll over until surpassing 365 days.

Also, here are my default settings in indexes.conf.

```
[default]
# Default for each index. Can be overridden per index based upon the volume of data received by that index.
# 300GB
homePath.maxDataSizeMB = 300000
# 200GB
coldPath.maxDataSizeMB = 200000

# VOLUME SETTINGS
# In this example, the volume spec is not defined here, it lives within
# the org_(indexer|search)_volume_indexes app, see those apps for more
# detail.

# Option1: One Volume for Hot and Cold
[volume:primary]
path = /data/splunk/var/lib/splunk
# 500GB
maxVolumeDataSizeMB = 500000

[volume:frozen]
path = /data/splunk/Splunk_Frozen_Data
maxVolumeDataSizeMB = 500000
```

Appreciate your help. Thanks.
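
A triage sketch for the situation described in the post, added here as an example (it is not from the original poster or from Splunk): it checks whether the frozen bucket's age could have tripped `frozenTimePeriodInSecs`, and lists the size caps from the quoted configuration, since Splunk also freezes the oldest buckets when an index or volume size limit is reached. The freeze timestamp is constructed (the post does not give one), and the function names are hypothetical.

```python
import configparser
import re

# Settings quoted in the post above (comments dropped).
INDEXES_CONF = """
[default]
homePath.maxDataSizeMB = 300000
coldPath.maxDataSizeMB = 200000
[volume:primary]
path = /data/splunk/var/lib/splunk
maxVolumeDataSizeMB = 500000
[A]
homePath = volume:primary/A/db
coldPath = volume:primary/A/colddb
frozenTimePeriodInSecs = 31536000
"""
BUCKET = "/data/splunk/var/lib/splunk/A/colddb/db_1492192312_1491334289_19"
FROZEN_AT = 1492192312 + 30 * 86400  # constructed: 30 days after newest event

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(text)
    return cp

def effective(cp, index, key):
    """Value from the index stanza, falling back to [default]."""
    for stanza in (index, "default"):
        if cp.has_option(stanza, key):
            return cp.get(stanza, key)
    return None

def bucket_span(path):
    """Bucket directories are named db_<newest epoch>_<oldest epoch>_<id>."""
    newest, oldest = re.search(r"db_(\d+)_(\d+)_\d+", path).groups()
    return int(newest), int(oldest)

def triage(cp, index, bucket_path, frozen_at):
    newest, _oldest = bucket_span(bucket_path)
    age = frozen_at - newest  # time policy looks at the bucket's newest event
    caps = {}
    for key in ("maxTotalDataSizeMB", "homePath.maxDataSizeMB", "coldPath.maxDataSizeMB"):
        if effective(cp, index, key) is not None:
            caps[key] = int(effective(cp, index, key))
    for key in ("homePath", "coldPath"):  # a volume cap is shared by every index on it
        m = re.match(r"(volume:[^/]+)/", effective(cp, index, key) or "")
        if m and cp.has_option(m.group(1), "maxVolumeDataSizeMB"):
            caps[m.group(1)] = cp.getint(m.group(1), "maxVolumeDataSizeMB")
    limit = int(effective(cp, index, "frozenTimePeriodInSecs"))
    return {"age_days": age // 86400, "time_based": age > limit, "size_caps": caps}

if __name__ == "__main__":
    print(triage(load(INDEXES_CONF), "A", BUCKET, FROZEN_AT))
```

When `time_based` is false, the listed caps are the settings to compare against actual disk usage for the index and for the volume it shares with other indexes.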
