Log partitions store logs based on the routing filter that you configure for each partition in the Log Partitions page. You can query and analyze logs from specific partitions in the Explore Logs page.

To create and manage log partitions, you must have a premium or trial subscription for vRealize Log Insight Cloud. For information about subscriptions, see vRealize Log Insight Cloud Subscriptions and Billing.

According to your requirement, you can create indexed or non-indexed log partitions.
Indexed partitions
In an indexed partition, you are billed only for the volume of logs stored in the partition. You can search and analyze logs with quick results and without incurring additional costs. Use indexed partitions to store logs that you plan to query regularly.

Indexed partitions retain logs for up to 30 days.

Non-indexed partitions
In a non-indexed partition, you are billed for the volume of logs and also for searching the logs. Querying logs renders slower results than indexed partitions. Use non-indexed partitions to store logs that you do not plan to query regularly.

Non-indexed partitions retain logs for up to seven years. If you intend to query the logs frequently, you can move all or specific logs to a common recall partition for 30 days. In this partition, you can search and analyze the logs with quicker results and at no extra cost.

Note: Alerts and dashboard widgets are not operational in non-indexed partitions.

You can change the order in which logs are ingested into log partitions, based on their routing filters. Logs are ingested into non-indexed partitions first, followed by indexed partitions. The logs that do not match the routing filters in any of the indexed or non-indexed partitions go to the default indexed partition, which is read-only and stores logs for 30 days.

Note: You can create a maximum of 10 log partitions in an organization.