1. Home
    2. Security Operations
    3. Cortex Data Lake
    4. Cortex Data Lake Getting Started
    5. Get Started with Cortex Data Lake
    6. Allocate Storage Based on Log Type

    Allocate Storage Based on Log Type

    To store logs in
    Cortex Data Lake
    , you must set the log storage quota (the amount of storage allocated for each log type). Some log sources automatically allocate storage at activation. Other sources require you to set quota to a value greater than 0 before
    Cortex Data Lake
     will store their logs. After you activate a new app or service that sends data to
    Cortex Data Lake
    , verify that the quota manager has storage allocated for it. When the log storage quota is not configured,
    Cortex Data Lake
     saves logs in the unallocated space that the quota manager automatically assigns.
    After you allocate log storage quota, view your actual storage utilization under
    STATUS
    .
    1. Sign In
       to the hub.
      To view the Cortex Data Lake app, you must have the correct user role. Learn more about app roles and how to assign them.
    2. Select the Cortex Data Lake instance for which you want to allocate log storage quota.
      If you have multiple Cortex Data Lake instances, click the Cortex Data Lake tile and select the instance from the drop-down of available instances associated with your account.
    3. Select
      CONFIGURATION
       and adjust the storage allocated for each log type.
      Field
      Value
      QUOTA (%)
      (
      Optional
      ) The percentage of your total Cortex Data Lake capacity that you want to allocate for each log type.
      Setting
      QUOTA
       for a log type to 0% means that Cortex Data Lake does not store the logs. If you reset
      QUOTA
       to 0%, all existing logs will be deleted.
      Leave this field blank to allocate all remaining storage to a log type. If you leave this field blank for multiple log types, they all share the remaining unallocated storage. When no more unallocated storage remains, Cortex Data Lake deletes the oldest logs among the log types with this field empty.
      ALLOCATED SIZE
      (
      Read-only
      ) The amount of log storage space allocated for each log type in KB, MB, GB, or TB.
      MAX RETENTION DAYS
      (
      Optional
      ) The number of days that Cortex Data Lake retains logs. Set this value only if you have a company or regulatory retention policy that requires you to delete logs after a given time period. If you leave this field blank, Cortex Data Lake will not delete logs until the available storage space runs out.
      Setting
      MAX RETENTION DAYS
       for a log type to 0 means that Cortex Data Lake does not store the logs. If you set
      MAX RETENTION DAYS
       to 0, all existing logs will be deleted.
      ACTUAL RETENTION DAYS
      (
      Read-only
      ) The number of days that logs have been stored in Cortex Data Lake. Logs are rolled over when the max days is reached or the available storage space runs out. Use this information to learn about the current utilization of Cortex Data Lake or which logs it has retained the longest and assess if you need to reallocate quota to meet your log retention policy.
      You can toggle whether to store or ingest log data from individual firewalls in the
      Inventory
       tab.
    4. Apply
       your changes.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo