Binge drinking brake found in mouse brains, possible path to treat alcohol abuse (theconversation.com)

You might be familiar with Amazon S3 Intelligent-Tiering: https://aws.amazon.com/s3/storage-classes/intelligent-tiering/. It automatically moves data to cheaper storage tiers when it hasn’t been accessed for a while.

I’m wondering if a similar approach could work for observability data — especially logs. Hot storage is expensive, and much of the data may not be queried after a short period. Moving unused logs to warm or cold storage (or dropping them) could potentially save a lot.

Has anyone tried this kind of tiering or aging strategy for logs or metrics? Would love to hear how you approached it — tools, heuristics, lessons learned. Thoughts and speculation are also very welcome!

Comments (6)

PaulShin · 21h ago

Great question, and very timely. We've been tackling this exact problem at my startup, Markhub. The cost of hot storage for observability data, especially logs, can quickly become a significant line item.

We adopted a tiered approach that's working well for us so far:

1. Hot Tier (Last 7 Days): Elasticsearch. For our real-time debugging and immediate operational needs, nothing beats the query speed of Elasticsearch. We keep a rolling 7-day window of all logs here. It's expensive, but essential.

2. Warm Tier (7-90 Days): AWS S3 Standard. After 7 days, our log shipper (Fluentd) automatically archives the logs to S3. If we need to investigate an older issue, we can still query these logs directly using AWS Athena. It's much slower than Elasticsearch, but for occasional, deep-dive investigations, the cost savings are massive.

3. Cold Tier (After 90 Days): S3 Glacier Deep Archive. After 90 days, the logs are transitioned to Glacier Deep Archive via S3's lifecycle policies. This is purely for long-term compliance and "break glass in case of emergency" scenarios. It's incredibly cheap to store, but we know that retrieving it would be a slow and deliberate process.

The key lesson for us was to be realistic about our actual query patterns. We found that over 95% of our queries were for logs less than 3 days old. This data-driven approach allowed us to be aggressive with our tiering strategy without sacrificing critical visibility.

didro · 20h ago

Hm, interesting insight. Thanks for sharing!

But how did you get that query patterns? Were there some Elasticsearch API, proxies or smth else?

ovaistariq · 22h ago

If your logging system uses object storage like S3 or Tigris for persistence then it can automatically benefit from storage tiering.

didro · 22h ago

But they don't offer intelligent tiering for hot, quick-access storage. The S3 Intelligent Tiering storage spans warm, cold and archive.

notaharvardmba · 18h ago

Splunk has done this forever

didro · 16h ago

How? It allows out of the box for static retention policies only, as far as I know...

LightlyTrain X DINOv2: Smarter Self-Supervised Pretraining, Faster (lightly.ai)

9-second video of the clearing of Iranian and Iraqi airspace (twitter.com)

Innovation takes a backseat at small companies as tariffs become a full-time job (abcnews.go.com)

Tuning Apple's New On-Device LLM (developer.apple.com)

Pitfalls of premature closure with LLM assisted coding (shayon.dev)

Hacking Windsurf: I Asked the AI for System Access – It Said Yes [video] (youtube.com)

Schoolhouse Rock – The Great American Melting Pot[video] (youtube.com)

100 years of Zermelo's axiom of choice: What was the problem with it? (2006) (research.mietek.io)

The Twom Database Format (fastmail.com)

Schoolhouse Rock the Preamble[video] (youtube.com)

How heavy Is the new iPad Pro (M4) 11-inch? (2024) (davidroessli.com)

Richard Branson approved my new Virgin Voyages ad – it went live yesterday (old.reddit.com)

Convenience for You is Independence for Me [video] (2017) (developer.apple.com)

Binge drinking brake found in mouse brains, possible path to treat alcohol abuse (theconversation.com)

Cyberattack on Retail: Why It's a Target and How to Defend It (itsecuritywire.com)

Do Metaprojects (taylor.town)

Stop One-Shotting Your Code or Get Left Behind (algarch.com)

Issues with Stream Live, Stream VOD, Durable Objects, R2 and Workers Builds (cloudflarestatus.com)

1999 email from Jef Raskin helped me think about Apple's WWDC (fastcompany.com)

UK unis cough up £10M on Java to keep Oracle off their backs (theregister.com)

Openfire 5.0.0 Beta Released – Open-Source – Java XMPP/Jabber Server (discourse.igniterealtime.org)

Show HN: I built an AI Voice assistant to debrief me on what matters every AM (dayli.xyz)

Some of the Oldest Living Creatures Are Getting Crushed by Cruise Ship Anchors (studyfinds.org)

Premium accounts to fund the matrix.org homeserver (matrix.org)

A Son, a Scientist, and the Secret of Bioluminescence (thewalrus.ca)

James Wynn Goes Long on PEPE Hours After Losing $100M on Leveraged Bitcoin Bet (coindesk.com)

Painting the Internet: A Different Kind of Warhol Worm (2006) (ucalgary.scholaris.ca)

Google rejects app store age verification for online content (techxplore.com)

How do axolotls regenerate limbs and organs? A researcher is cracking the code (news.northeastern.edu)

Digital censorship of intimate health: women's issues undesirable (heise.de)

OxCaml (blog.janestreet.com)

OxCaml - a set of extensions to the OCaml programming language. (oxcaml.org)

I'm not back yet, but I'm looking for where to go next [video] (youtube.com)

Lyra Zero W Packs RK3506B and Wi-Fi 6 into Raspberry Pi Zero-Sized Board (linuxgizmos.com)

Deprecate TF + JAX (github.com)

Apple gets over its hang-ups, and the iPad enters a new era (sixcolors.com)

Are cells a good analogy for software? (neilmadden.blog)

How to Redraw a City (worksinprogress.co)

Bluesky, Cuban says 'lack of diversity of thought' pushing users back to X (fortune.com)

Is Gravity Just Entropy Rising? Long-Shot Idea Gets Another Look (quantamagazine.org)

Sole Survivor (2013) [video] (youtube.com)

Is Google about to destroy the web? (bbc.com)

Show HN: Tattoy – a text-based terminal compositor (tattoy.sh)

Mechanize is building AI tools to automate white-collar jobs (nytimes.com)

Deploy your own Docker registry and builder in 3 commands (knot.deployto.dev)

HTML WARDen (A Wiki) (ratfactor.com)

Show HN: Your Technical Voice

Jacob's Phone Simulator (jacobfilipp.com)

Why the age of AI is the age of philosophy (theendsdontjustifythemeans.substack.com)

When pop music went supernova (scottsumner.substack.com)

Ask HN: Is anyone doing intelligent tiering for logs?

Comments (6)