Objective  

Prerequisite  

• Admin access to the EventLog Analyzer web console.
• Ensure sufficient disk space is available to load the required archive files. Loading archives temporarily expands data in Elasticsearch and may require additional storage.
  

Steps to follow

1. In EventLog Analyzer, go to Settings → Admin Settings → Data Storage → Archive.
2. This page displays a list of all available archive files.
3. Under Select Devices, choose the device for which you want to load older logs.
4. Use the Click to choose date range option at the top-right corner to select the period for which you need older logs.
   
   
   
5. Once the device and date range are selected, the archive list will be filtered accordingly.
6. You can choose to load all archive files or load only a specific log format. For example, if you want to load only MSSQL logs for the selected Widnows device, simply select the respective checkbox and click Load Archive.
   
   
   
7. It is recommended to load a smaller set of data at a time. Loading very large archives may slow down the system. Before proceeding, review the displayed file size and approximate loading time.
8. The status of the archive file will be updated as Loaded once the loading process is completed.

Tips

• Loading large archive files may take additional time depending on disk performance and available system resources.
• Set the archive retention period based on your internal compliance or storage policy.
• Configure the loaded retention period to control how long loaded archive data remains searchable in Elasticsearch.
• Only the required log types should be loaded to improve performance and reduce system overhead.
• Configure separate archive retention policy based on the requirement. 

Related topics and articles 

• EventLog Analyzer Retention Settings
• EventLog Analyzer- Archives
• Log search in EventLog Analyzer