Historical log data acts as an important component in the incident investigation process. When working on a specific incident, you can look back at log data for a specific period to find any discrepancies that can help solve cybersecurity issues. Log360 Cloud provides the option to reload historical logs.
To access historical logs, navigate to Settings → Admin → General → Reload Historical Logs.
You can reload specific log types for a period of your choice and also specify a retention period for the reloaded logs.
To create a new reload request:
Note: The time refers to the uploaded time of the logs.
Note: You can select a maximum storage retention period of 5 days.
You can use the Criteria Builder in the Advance Criteria to reload specific logs.
You can check the request completion status by clicking on the Notification icon at the top-right corner of the product console.
Note: When creating a request to reload historical logs, if the generated time and the uploaded time of the logs differ, the time range should include both.
You can also view reports and configuration details as you scroll.
Note: A maximum of 50 live indexes can be held at one time. If you have reached this limit and want to create a new request, either delete an existing request or wait for one to expire.
Note: As per your notification settings configuration, you will receive notifications for reloading historical logs through email and SMS.