The Archived Logs interface presents a detailed inventory of Log Management data moved from the Elasticsearch database to the archive location configured in Log Management Settings. The information displayed includes:

  • Date. The date of the Elasticsearch index from which the archive was created.
  • Status. The current status of the archive (e.g., Archived, Restore requested, Restoring, Restored, Restore error, Deleted).
  • Index. The name of the Elasticsearch index from which the archive was created.
Tip: Hovering over the Status column or the Index column displays historical information about the archive such as when it was created and when it was restored to Elasticsearch.
  • Log Type. The type of logs.
  • Log Count. The total log count contained in the Elasticsearch index.
  • Snapshot. An overview of log counts for individual severity levels (e.g., Critical, Error, Warning, Information).
Tip: Hovering over a section of the snapshot displays the log count for that severity level.
  • Archive File Name. The name of the archive file.
  • Size. The size of the archive file.
  • Location. The folder location of the archive file.
  • Error Message. Any error message from the most recent processing of user requests on the archive.

Additional information may be displayed by hovering over any column header, clicking the icon that appears, then selecting from the options shown in the Columns sub-menu. These options include:

  • Archived Date. The date and time the archive was created.
  • Archive Duration. The amount of time it took to create the archive by exporting data from Elasticsearch.
  • Restore Duration. The amount of time it took for the most recent operation to restore logs to Elasticsearch.
  • Restore Requested. The date and time of the most recent restore request by users.
  • History. A brief history of the archive along with the date and time the archive was created.

Clicking the column header icon also allows you to sort column data. The date range for data displayed can be adjusted using the calendar drop-down menu in the upper-right corner of the grid.

To restore logs contained inside an archived file to Elasticsearch (to allow for research on logs contained in that archive, for example), select the applicable checkbox at the left of the grid, then click Restore. Restore requests are queued to the WhatsUp Gold system task that restores logs from archives. Depending on the size of the archive and the performance of the Elasticsearch instance, the restore operation could take some time to complete. Once the restore finishes, the status shows as Restored. If any errors occurred during restoration (e.g., if the archive was tampered with after its creation, which disqualifies it from being restored to Elasticsearch), they are displayed under Message in the grid as well as in applicable logs in WhatsUp Gold.

To remove from Elasticsearch logs previously restored from an archived file, select the applicable checkbox at the left of the grid, then click Remove.

Important: Logs from archives that are in the status Restored remain in Elasticsearch until the user removes them by selecting the archives and clicking Remove. They are not subject to WhatsUp Gold's automatic deletion based on the online log retention policy or to log deletion when disk space is low on Elasticsearch. Therefore, it is advised to remove restored logs as soon as they are no longer needed in Elasticsearch.
Note: Enable the Include Deleted control to display archive files previously removed from the archive location. While deleted archive file records can be displayed in the Archived Logs interface, the actual files cannot be restored once they have been deleted.