What is the size (in bytes) of various common IT d...

maverick · ‎06-08-2010

I was wondering if anyone had a link to some web page that lists the sizes (in bytes) for various common IT data event source types, like Cisco ASA, Microsoft IIS, Bluecoat, WebSphere/WebLogic log4j or logback, insert_your_common_sourcetype_here, etc.

maverick · ‎06-14-2010

Please see this Splunk Wiki table for more details, or to add your own events and their sizes now:

http://www.splunk.com/wiki/Community:CommonEventSizes

mendesjo · ‎10-03-2016

Any idea how you would find the TOTAL size of events by sourcetype in an index?

maverick · ‎08-31-2010

Thanks! This will help a lot!

hexx · ‎08-31-2010

Here's the same search but also showing the 10th and 90th percentile for event size (in bytes) broken down by sourcetype :

| eval esize=len(_raw) | stats p10(esize), avg(esize), p90(esize) by sourcetype

hexx · ‎08-31-2010

If you want to check the average size in bytes of your events broken down by sourcetype, you can run the search below. Of course, feel free to replace "*" with a specific data set you want to study, and don't forget to adequately set the time frame of the search :

| eval esize=len(_raw) | stats avg(esize) by sourcetype

effem · ‎02-19-2015

Isn't it simply the length of the _raw field? e.g. the value given by esize is only the number of characters.

What is the size (in bytes) of various common IT data event sourcetypes

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation