Log Partitions in LogicMonitor give you more control over how long different types of log data are stored. You can assign custom retention periods based on the business value or compliance needs of each log type and support scalable and efficient log management across your environment.

For example, you can keep high-volume application logs for just a few days if they are only needed for short-term troubleshooting. At the same time, you can retain critical logs—like Windows audit or compliance logs—for several months. This flexibility enables you to manage log storage more efficiently and predictably.

LogicMonitor provides the following retention options:

• 7 Days
• 1 Month
• 90 Days
• (Default) 1 Year
• Custom retention

In addition to flexible retention, Log partitions enable you to do the following:

• Manually shut-off controls to avoid overages
• Improve search performance by narrowing the query scope

The Partitions dropdown in the LM Logs query bar displays "default" as the initial value. Use the following guidance based on how your organization uses log partitions:

• If you use only the default partition, take no action. Your saved searches, log alertgroups, logalerts, reports, and dashboard widgets function as expected.
• If you use custom retention SKUs or log partitions, replace the partition value "default" with your custom partition name (for example, "prod-logs-90d") in all saved objects—such as searches, log alertgroups, logalerts, alerts, reports, and widgets.

After creating Log Partitions, you can use LogicMonitor to edit, start or stop log ingestion for a specific partition, and delete a partition.

Default Log Partition

Log Partitions provide a default partition that is automatically created during initial setup and has predefined parameters. Your saved searches, logalert groups, logalerts, reports, and dashboard widgets function as expected. If you use custom retention SKUs or log partitions, you can replace the default partition with your custom partition name (for example, "prod-logs-90d") in all saved objects—such as searches, pipelines, alerts, reports, and widgets.

The default partition automatically inherits the longest available subscription type and retention duration based on your account’s subscription plan.

By default, log ingestion is enabled and cannot be turned off for the default partition.

You can edit the following fields for the default partition:

• Subscription SKU
• Retention
• Description
• Set Limit options (including Partition Limit, Stop Ingestion at Partition Limit, and Restart Ingestion at Beginning of Month)

The following fields and options cannot be edited for the default partition:

• Partition Name
• Tenant Identifier (system-defined and not visible in the UI)
• Ingesting switch (remains enabled)

Tenant ID for Log Partitions

Log partitions provides you multiple logs subscription type within the same portal. Use Logs partitions to segregate logs within your company based on tenant ID. If your environment provides services for multiple accounts, you can use Log Partitions to create logs partition for your tenants and set logs retention period as required by the tenants. As a provider of services to multiple accounts, you can create one logs partition for each tenant, which in most cases equates to “customer_name”.

If you are an enterprise customer, you can retain logs in logs partition for a longer or a shorter duration based on the type of logs. For example, you may decide to retain sensitive logs for a longer duration and test logs for a shorter duration.

With Log Partitions, a default log partition is available out-of-the box. The default logs partition follows the maximum retention value that has been purchased. However, you can change default partition’s retention period.

Requirements for Creating Log Partitions

To create Log Partitions, you need the the following:

• Custom properties on resource groups configured
  These properties are used to identify and route logs into the correct partition.
  

• For more information, see Resource and Instance Properties.
• (If leveraging tenant ID) Tenant identifier configured in the portal.
  

• For more information, see Tenant Identifier Property Name.
• A LogicMonitor user with the following permission set:
  • Manage permissions for “Partitions” in the Logs & Traces Role 
    For more information, see Logs & Traces Role Permissions.
  • Manage permissions for the resource group for creating, viewing, and managing the log partitions of in the Resources Role
    For more information, see Resources Role Permissions.

Creating a Log Partition

1. In LogicMonitor, navigate to Logs >  More options > Logs Management.
   
2. On the Partitions tab, select  Add Partition.
   The Add Partition panel displays.
3. On the Add Partition panel, do the following:
   1. In the Partition name field, enter a name for the partition.
      This name displays throughout the portal when selecting a log partition.
   2. In the Tenant identifier field, enter the tenant identifier.
      LogicMonitor attempts to match values as you type.
   3. From the Subscription SKU dropdown, select the SKU that matches your organization’s retention and feature needs.
      This determines your access to features like custom log partitions and data retention options.
   4. From the Retention dropdown, select a retention period for the logs.
      
      Note: Depending on your subscription plan, only specific retention options are available. Retention values cannot exceed your subscription’s maximum retention value.
      By default, the Retention value is set to the longest available subscription and retention length based on your subscription. 
      To change this, contact LogicMonitor Support. For more information on signing into the support portal, see Migration to New Support Platform from the LogicMonitor Community.
      
   5. (Optional) In the Description field, add a description for the partition.

4. Toggle the Ingesting switch to start the log ingestions.
   
5. (Optional) Toggle the Set Limit switch to enable partition size limits, and then complete the following:
6. Select  Save.

Validating Log Ingestion

You can validate that logs are properly ingested into the expected partition by using one of the following methods:

• Select Open in New. This opens the Logs page filtered to that partition and automatically runs a search.
• Alternatively, navigate to the Logs tab, select the partition name you just created, and select Search.

In either case, verify that logs from the resources matching the Tenant Identifier value entered during partition creation are displayed.

Searching Log Partitions

You can search within specific log partitions to quickly locate and analyze log data.

1. On the Logs tab, on the search bar, select the Partition dropdown menu.
2. Select the partition you want to search.
3. After selecting the partition, select Run Query to execute the query.
   

Saving Searches and Views

When you save a search or custom view, LogicMonitor automatically includes the partition name as part of the saved configuration.

• Saved searches and views are stored in the Query Library, retaining the associated partition context.
• This ensures that when you reopen or share a saved query, it automatically executes against the same log partition used when the search was saved.
  For example—If you save a view for the prod-logs-90d partition, reopening it later from the Query Library reapplies that same partition automatically.

Editing a Log Partition

You can change the retention period (depending on your purchase plan), log partitions description, and start or stop logs ingestion for an existing log partition.

1. In LogicMonitor, navigate to Logs > More options > Logs Management.
2. On the Partitions tab, select the Log Partition you want to edit.
   The Edit Partition panel displays.
   
3. From the Edit Partition panel, make any necessary changes.

4. Select  Save.

Starting or Stopping Log Ingestion for a Log Partition

1. In LogicMonitor, navigate to Logs > More options > Logs Management.
2. On the Partitions tab, locate the Log Partition you want to start or stop.
3. Toggle the Ingesting switch on or off.
4. When prompted, confirm whether to stop or start ingesting logs.

When you stop ingesting logs for a partition, logs configured for that specific partition are discarded.

Deleting a Log Partition

Deleting a custom log partition does not stop log ingestion. Logs intended for the deleted partition are automatically routed to the default partition. To stop log ingestion, you must disable log forwarding at the source. This process varies by log type and system. For example, if your environment provides services for multiple accounts, ensure each account stops sending logs before you disable ingestion and delete their partition. 

To delete a Log Partition, you must first stop log ingestion for that partition and then wait for the cooldown period.

1. In LogicMonitor, navigate to Logs >  More options > Logs Management.
2. On the Partitions tab, select the Log Partition you want to delete.
   The Edit Partition Panel displays.
   
3. Select  Delete.

After you delete a log partition, the existing logs from the log partition are permanently deleted.