Log Aggregation Storage Tradeoffs

Hot, warm, cold storage tiers. The transition policies, the cost ratios, and the queries that get fast or slow at each tier.

Hot tier: 7 days

Indexed, queryable in seconds. Most expensive per GB. Used for active debugging.

Right-size: hot tier should fit the team's debug-window. Beyond that is wasted spend.

Warm tier: 7-90 days

Less indexed, queryable in minutes. 5x cheaper than hot.

Useful for postmortems and trend analysis. Slower queries are acceptable here.

Cold tier: 90+ days

Object storage. Queryable in tens of minutes via batch jobs.

Used for compliance and rare deep investigations. Cheap; cold queries are not for daily use.