In the Next-Gen SIEM Connector Dashboard (specifically within the CrowdStrike Falcon ecosystem), the maximum retention period for which you can query third-party data ingestion metrics is 90 days.
Why 90 Days?
While the actual log data (telemetry) in a Next-Gen SIEM can often be retained for a year or longer depending on the subscription (e.g., 365 days), the health and ingestion metrics, which include data such as volume throughput, connector status, and ingestion rates, are typically stored for a shorter duration. This 90-day window is designed to provide enough historical context for:
Troubleshooting: Identifying when a specific connector started failing.
Trend Analysis: Monitoring changes in data volume over a fiscal quarter.
Capacity Planning: Reviewing average ingestion rates to ensure they stay within licensed limits.