Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How To optimize eps aggregation and filtration in splunk

etaihellman
Engager
‎05-06-2021 12:40 PM

Hello guys,

i'm working with a costumer which wants to replace arcsight with splunk.

we're moving some systems from the arcsight and while we added "Fireglass" (by symantec) to monitoring we saw extreme growth in the license which almost caused to violations.

while digging in at the logs we saw that some sites, like youtube takes something like 1000 events for time frame of 1 minute. looking deeper i could see that all the video\audio traffic was sent as well. the customer told me that in Arcsight there's an option for "aggregation and filtration", which he can take the number of logs which are the same and merge them as one event, and ingest the whole traffic.

here's an explanation about the operation from the Arcsight side:

ArcSight. Optimizing EPS (Aggregation and Filtration) - SOC Prime

my question: can i make something like this with splunk? with a license of 100G the fireglass takes like 60G.

thanks in advance 

Etai 🙂

Labels (3)
Labels
0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Manual Instrumentation with Splunk Observability Cloud: The What and Why

If you've ever worked with distributed systems, you’ve likely felt the pain of a frontend throwing errors, ...

Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and ...

Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and Splunk ES Protecting a ...

It's Customer Success Time at .conf25

Hello Splunkers,   Ready for .conf25? The customer success and experience team is and can’t wait to see you ...
Top