The ES archiving feature of Log360 UEBA enables users to archive the anomalies detected earlier in compressed index files. The user has the flexibility to define what time period constitutes earlier anomalies. This feature can be accessed running rawConfig.do on the server where Log360 is running.
In case older and archived data needs to be fetched, Log360 UEBA will first unarchive the data and show the results.
This leads to better storage management, and improved performance for the end user.