Streamline Log Analytics Management: Automate Retention Period Configuration with PowerShell


Microsoft’s latest blog post discusses an automated method to configure the total retention period for Log Analytics workspace tables. It outlines the two retention states—interactive and long-term—and emphasizes the importance of a scalable approach for managing retention across multiple tables. A PowerShell script is provided to simplify this process, allowing users to efficiently update retention settings without manual intervention.

Configuring Log Analytics Retention: A Game Changer

Microsoft has recently introduced an automated approach for configuring the total retention period for log analytics workspace tables. This update is essential for organizations managing large datasets.

What’s New?

The new feature allows users to set a total retention period of up to 12 years for log analytics tables. This includes both interactive and long-term retention periods. By default, tables retain data for 30 days, with log tables having a 90-day retention period.

“After the interactive retention period, the data remains in the table for the remainder of the total retention period you configure.”

Major Updates

Previously, configuring retention periods required manual adjustments for each table. Now, users can automate this process using a PowerShell script. This script updates the retention settings for multiple tables simultaneously, saving time and reducing errors.

Interactive retention can be extended up to 730 days, allowing for near-real-time analytics. After this period, data transitions to a long-term retention state, accessible through search jobs.

“I’ve created a PowerShell script which can update the total retention period for multiple tables at once.”

What’s Important to Know?

Before implementing the automated solution, it’s crucial to review the PowerShell script thoroughly. Testing in a controlled environment is recommended to prevent potential issues in production. Microsoft emphasizes that users are responsible for any consequences arising from the script’s execution.
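The multi-table update described above can be expressed with the Az.OperationalInsights cmdlets as follows. This is an added example, not the script from the Microsoft post or its GitHub repository; the function name `Set-TableTotalRetention`, the guard against shortening retention, and the resource names in the dry run are assumptions made here.

```powershell
#Requires -Modules Az.OperationalInsights

function Set-TableTotalRetention {
    # Hypothetical helper name; not part of the Az module or the Microsoft script.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]   $ResourceGroupName,
        [Parameter(Mandatory)][string]   $WorkspaceName,
        [Parameter(Mandatory)][string[]] $TableName,
        # 12 years (4383 days) is the ceiling for total retention.
        [Parameter(Mandatory)][ValidateRange(4, 4383)][int] $TotalRetentionInDays
    )

    foreach ($name in $TableName) {
        $table = Get-AzOperationalInsightsTable -ResourceGroupName $ResourceGroupName `
            -WorkspaceName $WorkspaceName -TableName $name -ErrorAction SilentlyContinue
        if (-not $table) {
            Write-Warning "Table '$name' not found in workspace '$WorkspaceName'; skipped."
            continue
        }

        # Guard (assumption of this example): never shorten retention, because
        # lowering the total period makes older data eligible for deletion.
        if ($table.TotalRetentionInDays -ge $TotalRetentionInDays) {
            Write-Verbose "$name already keeps $($table.TotalRetentionInDays) days; unchanged."
            continue
        }

        # -WhatIf / -Confirm flow through ShouldProcess, so a dry run changes nothing.
        if ($PSCmdlet.ShouldProcess($name, "Set total retention to $TotalRetentionInDays days")) {
            $updated = Update-AzOperationalInsightsTable -ResourceGroupName $ResourceGroupName `
                -WorkspaceName $WorkspaceName -TableName $name `
                -TotalRetentionInDays $TotalRetentionInDays
            [pscustomobject]@{
                Table                = $name
                InteractiveDays      = $updated.RetentionInDays
                PreviousTotalDays    = $table.TotalRetentionInDays
                TotalRetentionInDays = $updated.TotalRetentionInDays
            }
        }
    }
}

# Dry run first; resource names below are constructed placeholders.
Set-TableTotalRetention -ResourceGroupName 'rg-example' -WorkspaceName 'law-example' `
    -TableName 'SecurityEvent', 'SigninLogs' -TotalRetentionInDays 730 -WhatIf
```

Dropping `-WhatIf` applies the change and returns one object per updated table, which can be kept as a record of the previous and new values.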

To restore archived log data in Microsoft Sentinel, users can specify the table and time range for data restoration. Typically, this process takes just a few minutes, making archived data readily available for high-performance queries using Kusto Query Language (KQL).

Conclusion

This new automated approach to configuring retention periods marks a significant advancement for users of Microsoft Log Analytics. By streamlining the process, organizations can focus more on data analysis rather than manual configurations. As data volumes continue to grow, efficient management becomes increasingly critical.

For more details, check out the public documentation on restoring archived data and the PowerShell script hosted on GitHub.

  • The default retention period for log analytics tables is 30 days, with some log tables extending to 90 days.
  • Interactive retention can be extended up to 730 days, enabling data retrieval for analytics and visualizations.
  • Long-term retention allows data access through search jobs, even when not available for table plan features.
  • A PowerShell script is available on GitHub to automate the retention configuration for multiple tables simultaneously.
  • Users are advised to test the provided script in a controlled environment before deploying it in production settings.
  • From the Core Infrastructure and Security Blog


