Hello Everyone! We have what we have been told is not a complete ideal setup where we have searchable data for 90 days and retain archived data for a year. We commonly have troubleshooting efforts that occur or come up where the issue happened 6 months ago (outside our searchable data). This forces us to then do a log rehydration to get the data to be searchable out of our archives. There is a lot of down sides to this. 1. We only can submit those as admins (which is for the best I know) 2. They can take 6+ hours for the data to restore before anyone can proceed with their troubleshooting 3. We are limited to how much data we can restore at a time. Right now, we are hitting a situation where we have a large investigations going on which required rehydrating a lot of data and it now is preventing the rehydration of any other data for smaller investigations. We can't clear the larger data due to the investigation going on. We thought about looking at S3 Federated searches instead of going out to archives and dealing with log rehydration's. However, there is concerns this wouldn't really get us where we need to be either. We would love to look at other options. What are others doing to help in this process? How are you handling investigations outside your normal searchable date ranges? ... View more