As an Azure Sentinel user, you may have encountered the need to store and search your log data for extended periods of time. This could be due to regulatory requirements or simply as a means of maintaining a secure backup of your log data. In this blog, we'll examine the various options available for storing and searching Sentinel logs beyond the default 90-day retention period. We'll cover the main features of each option and provide guidance on how to implement them in your organization. We'll explore the options for storing and searching Sentinel logs, including their capabilities and key selection criteria.

Learn how to choose the best solution for your organization.

Retention and Archive Policies in Log Analytics Workspaces - recommended for users that want to query the data on occasion.
Azure Data Explorer (ADX) - recommended for users who need to frequently query the data.
Exporting Data to an Azure Storage Account - recommended for users who rarely need to perform queries on the data or have specific querying needs.
Storage account export via Logic Apps - recommended for users who rarely need to perform queries on the data and have their storage account set in a different region than their Log Analytics workspace.

Retention and Archive Policies in Log Analytics Workspaces

Retention policies in a Log Analytics workspace determine when to remove or archive data. These policies are important for managing the cost of storing data in the workspace, as well as for ensuring that you have access to the data you need when you need it. Archiving allows you to keep older, less frequently used data in your workspace at a reduced cost. When you archive data in a Log Analytics workspace, it stays in the same table as the data that's available for interactive queries. If you only need to query data occasionally, consider using the Log Analytics archive option.

During the interactive retention period, data is available for monitoring, troubleshooting, and analytics. When you no longer use the logs, but still need to keep the data for compliance or occasional investigation, archive the logs to save costs. Archived data stays in the same table, alongside the data that's available for interactive queries. When you set a total retention period that's longer than the interactive retention period, Log Analytics automatically archives the relevant data immediately at the end of the retention period.

You can learn much more about retention and archive in the official documentation pages.
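The retention and archive settings described for Log Analytics workspaces are applied per table. The script below is an added example, not part of the original post: it sets interactive and total retention with the Azure CLI and prints how long each table's data will sit in archive. The resource group and workspace names are placeholders and the table plan is constructed sample input.

```shell
#!/usr/bin/env bash
# Added example: per-table interactive vs. total retention for a Sentinel workspace.
# RG and WS are placeholder names; the plan below is constructed sample input.
RG="${RG:-example-rg}"
WS="${WS:-example-workspace}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the az commands, 0 = run them

# table:interactive_days:total_days (constructed values, adjust to your policy)
PLAN="SecurityEvent:90:730
SigninLogs:90:365
AzureActivity:90:90"

# Days a record spends in archive = total retention - interactive retention.
archive_days() {
  local interactive=$1 total=$2
  if [ "$total" -lt "$interactive" ]; then
    echo "total retention ($total) is shorter than interactive ($interactive)" >&2
    return 1
  fi
  echo $(( total - interactive ))
}

# Build the Azure CLI call that sets both periods on one table.
retention_cmd() {
  local table=$1 interactive=$2 total=$3
  printf 'az monitor log-analytics workspace table update --resource-group %s --workspace-name %s --name %s --retention-time %s --total-retention-time %s' \
    "$RG" "$WS" "$table" "$interactive" "$total"
}

# Walk the plan: report the archive window, then print or run the update.
apply_plan() {
  local table interactive total archived
  while IFS=: read -r table interactive total; do
    [ -n "$table" ] || continue
    archived=$(archive_days "$interactive" "$total") || return 1
    echo "# $table: interactive ${interactive}d, archived ${archived}d more, deleted after ${total}d"
    if [ "$DRY_RUN" = "1" ]; then
      retention_cmd "$table" "$interactive" "$total"; echo
    else
      az monitor log-analytics workspace table update \
        --resource-group "$RG" --workspace-name "$WS" --name "$table" \
        --retention-time "$interactive" --total-retention-time "$total" --output none
    fi
  done <<EOF
$PLAN
EOF
}

apply_plan
```

With the default `DRY_RUN=1` the script only prints the commands, so the plan can be reviewed before anything in the workspace changes.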