Keeping Logs with VMware Aria Operations for Logs SaaS
VMware Aria Operations for Logs SaaS has been activated, you've deployed an on-prem Cloud Proxy and are now collecting data. As per the terms of service, logs are kept for 30 days, but what if you want to keep them longer than 30 days? We'll use Log Partitions do it, here's how!
Aria Operations for Logs SaaS uses two types of storage:
Indexed Storage: this is what supports your default partition and where the latest 30 days of logs are kept. It runs on high performance AWS EBS technology.
Non-Indexed Storage: this is what supports additional partitions to be used for logs beyond 30 days. It runs on less performant AWS S3 technology. You can keep logs here for up to 7 years.
Log into your VMware Cloud Services Portal, select VMware Aria Operations for Logs, go to Log Management - Log Partitions.
I have 3 Indexed Partitions and 3 Non-Indexed Partitions, you can configure your Ingestion Order. By default logs are ingested into Non-Indexed Partitions first, Indexed Partitions next, and the Default Partition last.
Looking a little closer at the Non-Indexed Partitions, you'll see three of them, two of which are keeping logs for a year.
You'll notice these have filters on them, if you'd like all logs ingested into a Non-Indexed Partition and kept for a year, do something like this.
Notice the Routing Filter: text Exists. This will ingest all logs into this Non_Indexed Partition. I've also checked the "Data forwarding to Indexed Partitions" box and the "Forward all logs" radio button, so logs will also be ingested into my Default Indexed Partition.
For more information on VMware Aria Operations for Logs SaaS and many other Aria products and services, please see the VMware Cloud Management YouTube Channel!