Getting Data In

Splunk Vs Microsoft Azure sentinel

hrithiktej
Communicator

In Splunk when i ingest Security events log of AD from 70 domain controllers for just 4 whitelisted events and dropping static text by regex in config file and the count is 500gb avg. everyday.

In Azure sentinel when we ingest the same data i mean like ingest these 4 events by Azure sentinel connector from our domain controllers the amount/size of logs is just 10gb.

i am surprised and want to know what is the difference in terms of logs ingestion or processing that there is so huge difference in terms of size.

Tags (2)
Get Updates on the Splunk Community!

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...

Explore the Latest Educational Offerings from Splunk [January 2025 Updates]

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...