What is the size (in bytes) of various common IT d...

maverick · ‎06-08-2010

I was wondering if anyone had a link to some web page that lists the sizes (in bytes) for various common IT data event source types, like Cisco ASA, Microsoft IIS, Bluecoat, WebSphere/WebLogic log4j or logback, insert_your_common_sourcetype_here, etc.

maverick · ‎06-14-2010

Please see this Splunk Wiki table for more details, or to add your own events and their sizes now:

http://www.splunk.com/wiki/Community:CommonEventSizes

mendesjo · ‎10-03-2016

Any idea how you would find the TOTAL size of events by sourcetype in an index?

maverick · ‎08-31-2010

Thanks! This will help a lot!

hexx · ‎08-31-2010

Here's the same search but also showing the 10th and 90th percentile for event size (in bytes) broken down by sourcetype :

| eval esize=len(_raw) | stats p10(esize), avg(esize), p90(esize) by sourcetype

hexx · ‎08-31-2010

If you want to check the average size in bytes of your events broken down by sourcetype, you can run the search below. Of course, feel free to replace "*" with a specific data set you want to study, and don't forget to adequately set the time frame of the search :

| eval esize=len(_raw) | stats avg(esize) by sourcetype

effem · ‎02-19-2015

Isn't it simply the length of the _raw field? e.g. the value given by esize is only the number of characters.

What is the size (in bytes) of various common IT data event sourcetypes

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?