Excessive Retention of Logs in Cloud Logging

Service Category

Other

Cloud Provider

GCP

Service Name

GCP Cloud Logging

Inefficiency Type

Excessive Retention of Non-Critical Data

Explanation

By default, Cloud Logging retains logs for 30 days. However, many organizations increase retention to 90 days, 365 days, or longer — even for non-critical logs such as debug-level messages, transient system logs, or audit logs in dev environments. This extended retention can lead to unnecessary costs, especially when: * Logs are never queried after the first few days * Observability tooling duplicates logs elsewhere (e.g., SIEM platforms) * Retention settings are applied globally without considering log type or project criticality

Relevant Billing Model

* Billed per GiB of log data ingested (beyond free tier) * Billed per GiB of storage retained (beyond 30-day default) * Long-term retention of high-volume log types (e.g., debug logs) increases cost without added value * Indexed logs also incur additional costs if retained in Logging buckets with longer durations

Detection

Review Logging buckets with extended retention policies beyond the 30-day default
Identify high-ingestion log types with little to no query activity
Assess if the logs are duplicated in other observability or SIEM platforms
Examine dev/test projects with elevated retention policies that may not be justified
Evaluate whether regulatory or compliance needs require longer retention for each log category

Remediation

Set log-specific retention policies aligned with usage and compliance requirements
Reduce retention on verbose log types such as DEBUG, INFO, or system health logs
Route non-essential logs to a lower-cost or exclusionary sink (e.g., exclude from ingestion)
Use aggregated sinks to centralize critical logs while filtering noise
Automate regular audits of Logging buckets and retention policies across projects

Relevant Documentation

Cloud Logging Pricing
Configure Log Retention
Excluding Logs from Ingestion

Submit Feedback