In this moment I'm doing sizing for an enterprise deployment. I know the events per minute that a Palo Alto and Watchguard firewall generate, but I need the size of the events.
Somebody know how obtain this data? or maybe have an estimate, or how get it?
your friend. FerTLALOC
saludos de México City?
May be like this (would be slow so select smaller time range)
Your base search | head 100 | eval sizeinbytes=len(_raw) | stats avg(sizeinbytes) max(sizeinbytes)
View solution in original post