We've reorganized our navigation structure to align directly with your operational workflows. See the Google SecOps release notes for more information.
By default, Google retains 12 months of your data in your Google Security Operations
account. You can extend the retention period for up to five years as part of your Purchase Order.
The retention period applies to all of the data in your Google SecOps
instance. For example, you can't modify the data retention policy for a specific
log type.
Google uses an automated system to remove historical data based on the following:
Raw logs: Retention is determined by the ingestion timestamp (when the log arrived in the system).
UDM events: Retention is determined by the UDM event time (the timestamp within the normalized data structure).
View your data retention start date in Google SecOps
The Data Retention page is a read-only section within the SIEM settings that
shows the date when data retention began for your account.
To view your data retention start date, follow these steps:
In the navigation bar, select SIEM Settings>Data Retention.
The Data Retention page displays the retention start date in yyyy-mm-dd format.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2026-06-24 UTC."],[],[]]
