
What's the difference between an event and a log

aruncp333
Explorer

Can anyone explain to me what's the difference between an event and a log?

According to me, an event is a set of logs generated after matching a correlation.

0 Karma

woodcock
Esteemed Legend

Really you have 3 terms: event, log, and result.

An event is a thing that happened anywhere at any time. It might be in Splunk and it might not. A log is the digital exhaust of that event; it is the plain-text vestige that indicates that an event happened. A result is each thing that is returned from a Splunk search.

0 Karma

aruncp333
Explorer

That's interesting, Dal.

Further, I have a follow-up question.

Question: How can I propose Splunk sizing if the customer has an existing solution in terms of events per second (EPS)?

Let's say, 1000,000EPS conversion to Splunk/day license sizing.

Thanks in advance.

0 Karma

DalJeanis
SplunkTrust

An "event" is any one record returned from an index or search. It could be a single log, or a single record that contains a count of logs, or a single record that says "100".

A "log" is a specific type of event, specifically documenting that something happened at a particular time.

0 Karma