Portal Community
BizFirst Observe

Log Retention in Loki

Loki's compactor component enforces retention by periodically deleting chunks older than the configured retention period. Retention can be configured globally or per-tenant, and old data can be archived to cold storage before deletion.

Global Retention Configuration

# loki-config.yaml — retention settings
limits_config:
  retention_period: 720h       # 30 days — global default

compactor:
  working_directory: /loki/compactor
  retention_enabled: true       # Must be true for retention to be enforced
  retention_delete_delay: 2h    # Delay between marking and deleting chunks
  retention_delete_worker_count: 150
  compaction_interval: 10m      # How often compactor runs
  delete_request_store: filesystem  # Where delete requests are stored

Per-Tenant Retention (Enterprise / Multi-Tenant)

In multi-tenant deployments with auth_enabled: true, different tenants can have different retention periods:

# loki-config.yaml — per-tenant retention overrides
limits_config:
  retention_period: 720h   # Default: 30 days

# Per-tenant overrides in overrides section or separate file:
overrides:
  "tenant-premium":
    retention_period: 2160h    # 90 days for premium tenants
  "tenant-compliance":
    retention_period: 8760h    # 1 year for compliance tenants
  "tenant-dev":
    retention_period: 168h     # 7 days for development tenants

Recommended Retention Tiers

TierRetention PeriodStorageCostUse Case
Hot30 daysS3 Standard or local diskHighActive operations, debugging, alerting
Warm30–90 daysS3 Standard-IAMediumIncident post-mortems, trend analysis
Cold90 days – 1 yearS3 Glacier InstantLowCompliance, audit, regulatory requirements
Archive1–7 yearsS3 Glacier Deep ArchiveVery LowLegal hold, long-term compliance

S3 Lifecycle Policy for Cold Storage Transition

# S3 bucket lifecycle configuration (JSON)
{
  "Rules": [
    {
      "ID": "loki-chunks-tiering",
      "Status": "Enabled",
      "Filter": { "Prefix": "loki/chunks/" },
      "Transitions": [
        {
          "Days": 30,
          "StorageClass": "STANDARD_IA"   # Warm: after 30 days
        },
        {
          "Days": 90,
          "StorageClass": "GLACIER_IR"    # Cold: after 90 days
        },
        {
          "Days": 365,
          "StorageClass": "DEEP_ARCHIVE"  # Archive: after 1 year
        }
      ],
      "Expiration": {
        "Days": 2555   # Delete after 7 years (adjust to compliance needs)
      }
    }
  ]
}
S3 Lifecycle and Loki Retention Must Align

If Loki's retention_period is 30 days and S3 lifecycle transitions to Glacier at 90 days, Loki will have already deleted its internal references to those chunks at 30 days — even though the data is still in S3 in a cold tier. Loki will not be able to serve queries for that data. If you need data to remain queryable beyond retention_period, extend Loki's retention period — not the S3 lifecycle alone.

GDPR Deletion

Loki provides a delete API for removing specific log lines on GDPR right-to-erasure requests:

# Request deletion of logs matching a query within a time range
curl -X POST \
  "http://loki:3100/loki/api/v1/delete?query={tenant_id='t123'}|='userId=user-xyz'&start=2026-01-01T00:00:00Z&end=2026-05-25T23:59:59Z" \
  -H "X-Scope-OrgID: tenant-t123"

# Check delete request status
curl "http://loki:3100/loki/api/v1/delete" \
  -H "X-Scope-OrgID: tenant-t123"
← LogQL for BizFirstGO Next: Loki Alert Rules →