Overview
Sometimes, when investigating an issue, you may need to access Datadog logs that are no longer active. If you receive a "no matching results found" message instead of any logs, it indicates that the timeframe you are searching for is no longer available. In such cases, you can rehydrate the logs with the assistance of the TSE (Technical Support Engineer) team
Prerequisites
To perform the steps listed in this article, you need to have TSE privileges or contact the TSE team for assistance.
Steps to Rehydrate Datadog Logs
-
Click on “try rehydrating from archives” from the query itself or go to Logs > Rehydrate from Archive on the side menu
-
Choose your timeframe
-
Make sure the archive selected is Main Archive
-
Name the index something appropriate
-
If you are not coming from the query itself, set the query in “Set Indexing Query”
-
Keep the log retention to 3 days unless absolutely needed longer
-
Under “Notify Team on Rehydration Completion” make sure to @ yourself, slack-t-infrastructure-alerts, and the person requesting the logs
-
Once you are ready click “Rehydrate from Archive”
-
After a few moments an ETA will be provided as to how long the rehydration will take which looks like the image below:
Comments
0 comments