Zara Boddula
Accessing years of archived logs shouldn’t slow down your audits or investigations. Speed is essential because these events are often unpredictable and urgent, coming at any time with tight deadlines and high stakes. But many organizations struggle with historical data stored in separate systems, making it difficult for them to respond quickly and cost-effectively. This data often requires costly rehydration or data movement before queries can begin.
Datadog Archive Search, now available in Preview, helps solve these challenges. With Archive Search, your teams can search in place across archived logs in Flex Frozen or customer-owned cloud storage (like Amazon S3)—no rehydration needed. This functionality reduces cost, operational overhead, and tool switching while accelerating audits and investigations.
In this post, we’ll explain how Archive Search helps you:
- Preview and search archived logs without rehydration
- Speed up investigations with cross-telemetry and organizational visibility
- Maintain end-to-end control and visibility of your log data
Preview and search archived logs without rehydration
Your financial services team might need to trace old transactions to meet regulatory requirements. Or perhaps your security team is investigating a suspected identity provider breach. Maybe your compliance team is auditing infrastructure changes that occurred over the course of multiple years.
Traditional access to these archived logs requires rehydration—restoring data from cold storage into hot storage—or exporting data to separate query platforms. This process can be time-consuming, expensive, and disruptive. It might also require approvals and budgetary planning, which can create additional delays. More importantly, it forces teams to switch contexts and learn different query languages, slowing down investigations and increasing the risk of errors.
With Archive Search, you can preview and search archived logs in Flex Frozen or customer-owned cloud storage without rehydrating or moving the data. Each log preview delivers full context—including log messages, timestamps, attributes, and tags—from the same Datadog query language and interface that you already know. This consistency lets you confidently investigate historical events, drill into anomalies, and filter results without switching tools or waiting for data to move.
As a result, you gain direct visibility into archived logs to help you answer critical questions such as the following:
- Who initiated the transaction that is the focus of the compliance request?
- Which API keys were rotated during the last compliance audit?
- Who accessed sensitive systems, and what actions did they take?
- When was a noncompliant infrastructure change made, and by whom?
- How long did a malicious actor maintain access, and what did that user do?
Speed up investigations with cross-telemetry and organizational visibility
When you’re investigating a performance issue, security signal, or compliance concern, having all your relevant telemetry data in one place helps you find answers faster. With Archive Search and Datadog Log Workspaces, you can visualize archived logs alongside key data sources—including RUM events, metrics, and Reference Tables—without switching tools or rehydrating data.
For example, let’s say that your security team just identified a security breach and needs to determine who introduced it. Using a log query in a Workspace, the team can pull up archived authentication logs and correlate them with RUM data to understand what actions the user took in the UI (for example, accessing sensitive pages or performing admin actions).
As another example, let’s say that your trading compliance team is investigating suspicious transaction failures as part of a quarterly audit. Using Archive Search in Log Workspaces, the team can filter for failed transactions across specific countries.
The team can then write SQL queries to identify unusual patterns, such as repeated failures linked to a single user or region, and perform joins with reference tables, like Salesforce known risk indicators.
After you have investigated the issue, you can use Datadog Sheets to organize and document your findings. You can reference archived log data directly in the spreadsheet, link the data to metrics, add context by using tags and metadata, and share a structured timeline of events across teams.
From detection to report, this workflow helps reduce context switching, accelerate investigations, and support audit-ready reporting—all with the same query language and interface that you already use in Datadog.
Maintain end-to-end control and visibility of your log data
Long-term visibility into your logs isn’t just about storage. It’s about making sure that the right data is collected, transformed, routed, and made searchable, all while keeping costs and compliance needs in check.
With Datadog Observability Pipelines, you can transform and route your logs as they flow to different vendors, lowering your DevOps and SIEM storage costs. For example, you can send all security-related logs directly to Amazon S3, enriching them with metadata like team ownership or compliance tags before they land in storage. At the same time, you can route application debug logs to a different destination entirely, applying different retention policies based on business needs.
This functionality gives you flexibility and control. But until now, accessing those archived logs meant switching tools or rehydrating data back into hot storage. Archive Search builds on Observability Pipelines by letting you search your archived logs in place. By combining Observability Pipelines and Archive Search, you can build an end-to-end workflow that gives you full control over your log data—from collection to long-term storage to in-place search. You can:
- Route and transform logs as they’re ingested
- Store logs in cost-effective long-term destinations
- Keep logs fully searchable and audit-ready
This approach helps you reduce unnecessary data ingestion into downstream platforms, like SIEMs. As a result, you can focus on the log data that truly matters for compliance, investigations, and performance monitoring—all within Datadog.
Get started with Datadog Archive Search
Whether you’re focused on lowering storage costs, simplifying compliance efforts, accelerating incident response, or improving historical log visibility, Archive Search gives you fast, flexible access to archived data—without the expense and complexity of rehydration. Sign up for the Preview to get started.
If you don’t already have a Datadog account, you can sign up for a 14-day free trial.
