What is the size (in bytes) of various common IT d...

maverick · ‎06-08-2010

I was wondering if anyone had a link to some web page that lists the sizes (in bytes) for various common IT data event source types, like Cisco ASA, Microsoft IIS, Bluecoat, WebSphere/WebLogic log4j or logback, insert_your_common_sourcetype_here, etc.

maverick · ‎06-14-2010

Please see this Splunk Wiki table for more details, or to add your own events and their sizes now:

http://www.splunk.com/wiki/Community:CommonEventSizes

mendesjo · ‎10-03-2016

Any idea how you would find the TOTAL size of events by sourcetype in an index?

maverick · ‎08-31-2010

Thanks! This will help a lot!

hexx · ‎08-31-2010

Here's the same search but also showing the 10th and 90th percentile for event size (in bytes) broken down by sourcetype :

| eval esize=len(_raw) | stats p10(esize), avg(esize), p90(esize) by sourcetype

hexx · ‎08-31-2010

If you want to check the average size in bytes of your events broken down by sourcetype, you can run the search below. Of course, feel free to replace "*" with a specific data set you want to study, and don't forget to adequately set the time frame of the search :

| eval esize=len(_raw) | stats avg(esize) by sourcetype

effem · ‎02-19-2015

Isn't it simply the length of the _raw field? e.g. the value given by esize is only the number of characters.

What is the size (in bytes) of various common IT data event sourcetypes

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Are you a member of the Splunk Community?

What is the size (in bytes) of various common IT data event sourcetypes

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!