- Search Overview
- Search Home Page
- Performing Searches
- Basic Search
- Advanced Search
- Advanced Search Building Blocks
- Running an Advanced Search Query
- Query Syntax
- Query by Subject
- Query by Vendor and Product
- Query by Field and Value
- Query by Context Table
- Query Using Regex
- Free Text Search
- Query Using Advanced Query Language Operators
- Query Using Aggregation Functions
- Query Using Structured Fields
- Dynamic Field Extraction
- Natural Language Search
- Anomaly Search
- Refine a Search
- Context Tables in Search
- Search Best Practices
- Search Results
- Dashboard Visualizations
Default Log Retention
Exabeam enforces the default log retention period as determined by your license (see Exabeam License Entitlements for term details). The default retention policy applies to deployments with the following licenses that include add-ons for either Long-Term Search or Long-Term Storage:
Exabeam Security Log Management
Exabeam SIEM
Exabeam Fusion
By default, the following licenses both come with one month of retention for anomalies in the Search application, but they are not eligible to add on Long-Term Search and Long-Term Storage:
Exabeam Security Investigation
Exabeam Security Analytics
If you have one of these licenses and need additional storage, contact your Exabeam representative to upgrade to the Exabeam Fusion license and purchase the desired add-on licenses. After upgrading the license, you can customize your log retention policy with Global Log Retention.
When the default log retention period is enforced, unless your subscription includes Long-term Search or Long-term Storage, Exabeam purges all Search logs that are older in age than one month beyond the period entitled to you by your license. Beginning on April 1, 2024, logs related to Threat Center are excluded from this log purge. Those logs are retained and remain available in Search for the duration of your Threat Detection default retention period.
Note
Be aware, if you don't have a Long-term Search add-on license, data is purged when the default log retention period is enforced. If you have a Long-term Search add-on, data older than the default retention period is moved to Long-term Search.