Use log repositories to organize and manage your third-party log data according to specified ingestion and retention policies.
Log repositories ingest and retain third-party log data forwarded by collectors. You
may set specific ingestion and retention policies for each log repository to efficiently
organize your third-party log data. Available ingestion and retention settings include:
-
Ingestion types
-
Analytic: Ingests log data for analysis, correlation, and threat hunting
-
-
Retention types:
-
Analytic: Allows for frequent retrieval of log data for analysis, correlation, and threat hunting. Default retention period: 30 days
-
 |
NoteCompliance ingestion and retention types for managing infrequently accessed log data
are coming soon.
|
To ingest log data, you must add collectors connected to a deployed Service Gateway
with the Third-Party Log Collection Service installed. All connected collectors collect
log data according to the specified ingestion and retention settings. To ingest log
data for a different purpose or retain log data for a different purpose or period,
create a new log repository with the desired settings.