About Log360 Cloud's Storage Tiers

About Storage Tiers

Log360 Cloud offers multiple storage tiers for efficient log management, flexible retention, and cost reduction. This multi-tiered storage option lets you apply different retention policies across the collected data. Each storage tier lets you specify which types of logs are stored and how they are cleaned up. Each tier can be customized with its own retention period, log types, sources, and filtering criteria, making it possible to retain important logs for longer durations while minimizing the storage of less relevant or high-volume logs.

This approach helps organizations control storage consumption and prioritize critical logs without compromising on cost or performance. Log360 Cloud also offers you detailed statistical analysis of log trends across tiers.

The following capabilities form the core of the storage management system in Log360 Cloud:

Storage Tiers

Storage Tiers allow you to define separate log retention strategies for different types of logs. Instead of applying a single policy across all data, you can create up to twenty custom tiers, each with its own configuration for log types, sources, retention periods, and optional filters, such as log severity levels, host IP, and device name.

Each tier supports two types of retention:

  • Search retention: Defines how long logs remain available for live search, alerting, and reporting.
  • Archive retention: Defines how long logs are retained in long-term storage after they leave the search storage.

Log360 Cloud includes the following built-in tiers:

  • Default Storage Tier: Stores logs that do not match any custom tier. This tier cannot be disabled or deleted.
  • Alert Storage Tier: Stores logs that match configured alert profiles. These logs are analyzed in real time to trigger alerts based on configured thresholds or conditions.
  • Correlation Storage Tier: Stores logs that match configured correlation rules, which analyze multiple log events across sources to detect attacks or suspicious behavior.

NOTE: If storage is already full, correlation analysis and alert generation will not take place until space is freed.

You can address this by:

  • Purchasing additional storage.
  • Reducing the retention period of redundant tiers.
  • Cleaning up logs from redundant storage tiers.
  • Enabling the overwrite feature to automatically delete older logs.

Storage Tiers can be edited, disabled, cleaned, or deleted (except built-in ones). Any changes apply only to newly collected logs. If a tier is disabled, logs are routed to the next matching tier or the default tier. Existing logs within a disabled tier are retained until their retention period ends.

Storage Tiers help you retain important logs for longer durations and purge high-volume or less relevant logs early, resulting in better control over storage.

Storage Stats Analysis

To help visualize how storage is consumed across different tiers, Log360 Cloud offers detailed usage insights through the Stats Analysis view. You can track storage trends over time, identify high-volume log sources, and analyze which log types are contributing most to overall storage usage.

Statistics can be filtered by storage tier, log type, and log source. The visual graphs display both log size and log count, based on the time logs were received rather than the original timestamp of the log event.

You can filter using a custom date range, with a maximum limit of 365 days. For Default and Custom Storage Tiers, Top Log Sources and Top Log Types tabs help identify the devices or event categories contributing most to storage consumption. For Alerts and Correlation Storage Tiers, the respective Top Profiles and Top Rules tabs highlight alert profiles or correlation rules generating the most log volume. This visibility allows administrators to adjust retention policies, apply filters, or reassign logs to more appropriate tiers for better storage optimization.

Workflow of Storage Tiers

The workflow starts with the collection of incoming logs, which are then analyzed by the detection engine and assigned to storage tiers based on specific criteria to ensure efficient storage and processing.

  1. Log collection: All incoming logs are routed to the detection engine.
  2. Log processing: Logs are analyzed based on criteria such as log source, log type, username, and severity.
  3. Tier matching: Each log is evaluated against all configured storage tiers.
  4. Custom tier: Logs matching custom tier configurations are directed to the respective custom storage tiers.
  5. Priority-based routing: If multiple tiers have identical configurations, logs are routed to the tier with the highest priority as set by the user.
  6. Default tier: Logs that do not match any custom tier are sent to the default storage tier.
  7. Detection engine: Following tier assignment, logs undergo further processing, including correlation, alert, and threat detection.
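
The tier-matching steps above can be modeled in a few lines. This is an added illustration, not Log360 Cloud code or its API: the field names, the retention values, the sample tiers and logs are all constructed, and it assumes that a lower priority number means higher priority and that priority order decides among any matching tiers (a generalization of the identical-configuration case described above).

```python
from dataclasses import dataclass, field

@dataclass
class Tier:
    name: str
    priority: int            # assumption: lower number = higher priority
    search_days: int         # search retention
    archive_days: int        # archive retention after leaving search storage
    log_types: set = field(default_factory=set)   # empty set = no restriction
    sources: set = field(default_factory=set)
    severities: set = field(default_factory=set)
    enabled: bool = True

    def matches(self, log: dict) -> bool:
        criteria = ((self.log_types, "log_type"), (self.sources, "source"),
                    (self.severities, "severity"))
        return all(not allowed or log.get(key) in allowed
                   for allowed, key in criteria)

# Built-in catch-all; retention values here are constructed for the example.
DEFAULT = Tier("Default Storage Tier", priority=10**6, search_days=30, archive_days=90)

def route(log: dict, tiers: list) -> Tier:
    """First enabled tier that matches, in priority order; otherwise the default tier."""
    for tier in sorted(tiers, key=lambda t: t.priority):
        if tier.enabled and tier.matches(log):
            return tier
    return DEFAULT

def retention(log: dict, tiers: list) -> tuple:
    tier = route(log, tiers)
    return tier.name, tier.search_days, tier.archive_days

# Constructed sample configuration: two identically configured tiers plus a short-lived one.
TIERS = [
    Tier("Firewall critical", 1, 180, 365, log_types={"firewall"}, severities={"critical"}),
    Tier("Firewall critical B", 2, 90, 180, log_types={"firewall"}, severities={"critical"}),
    Tier("Debug noise", 3, 7, 0, severities={"debug"}),
]
# Constructed sample logs.
LOGS = [
    {"log_type": "firewall", "source": "fw-01", "severity": "critical"},
    {"log_type": "syslog", "source": "app-07", "severity": "debug"},
    {"log_type": "windows", "source": "dc-01", "severity": "info"},
]

if __name__ == "__main__":
    for log in LOGS:
        print(log["source"], "->", retention(log, TIERS))
```

Running the same logs through a planned tier layout before applying it shows which sources would fall through to the default tier and what retention they would actually receive.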

Core capabilities and operational benefits of Storage Tiers

Log360 Cloud's storage tiering capabilities enable IT and security teams to manage log data intelligently, control retention at scale, and reduce overall storage overhead without compromising on visibility or compliance. These capabilities help teams:

  • Implement tier-specific retention policies: Apply targeted search and archive durations based on log type or source, ensuring critical data is preserved while less relevant logs are systematically removed according to the configured retention policy.
  • Optimize storage cost: Separate frequently queried logs into search storage and move less-accessed data to archive storage.
  • Gain visibility into usage trends: Leverage the built-in statistics to get visibility into storage trends across tiers, highlighting which log categories contribute most to usage. These insights support informed decisions around tier configuration and resource allocation.

Read also

This document detailed the key features and operational benefits of Storage Tiers in Log360 Cloud. To learn how to configure and manage these capabilities in your environment, refer to the following articles: