cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Sentinel storage is based on Log Analytics? How can we extend past 730 day limit?

David Caddick
Iron Contributor

‎Jun 13 2019 12:34 AM

‎Jun 13 2019 12:34 AM

Sentinel storage is based on Log Analytics? How can we extend past 730 day limit?

Hi All, we have a Customer that requires a retention limit of 3 years and at the moment we seem to be restricted via Log Analytics to a default of 730 days?
https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#log-analytics-limits

Is there any way of extending this beyond the 730 day limit via other storage mechanisims?

3,183 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by David Caddick (Iron Contributor)
Ofer_Shezaf

‎Jun 16 2019 03:44 AM

‎Jun 16 2019 03:44 AM

Solution

Re: Sentinel storage is based on Log Analytics? How can we extend past 730 day limit?

@David Caddick 

 

The workspace retention cannot be extended beyond 730 days as of now. We are working on a solution to stream data to a colder storage. For now, the available option is to create a program (Azure functions, PowerShell, Logic Apps) that will read the date using the Log Analytics API and send it external storage.

 

~ Ofer

2 Likes
Reply
David Caddick

‎Jun 16 2019 08:15 PM

‎Jun 16 2019 08:15 PM

Re: Sentinel storage is based on Log Analytics? How can we extend past 730 day limit?

Thanks @Ofer_Shezaf 

 

Here in Western Australia we have the local "Office of Auditor General" reviewing local State Govt. departments and insisting that the policy is 3 years, I am assuming it is similar in most states and internationally this is likely to have other policies that are longer than the existing 2 years?
We'll run with 2 Years (730 days) for now and make a determination on that later - can you advise what the best process is to formally request this so this request can be tracked? Should it be simply via a Support request?

 

Regards,
Dave C

1 Like
Reply