Am preparing a report & need to estimate amount of data from an average say Microsoft or Linux (RHEL) server into Splunk on daily basis please. Just a rough estimate. Say the data includes logs & DBs. Thanks a million
The internal logs have per-host throughput metrics that may get you started. You'll have map hosts to OS yourself, however.
index=_index component=Metrics group=per_host_thruput
Thanks very much as usual bro. How would I estimate this size of ingestion from a remote server that does not have Splunk on it. Am trying to get an rough estimate of an average server sending my company daily Windows + Linux logs + DBs. Thanks a bunch.
Look at comparable servers that are sending to Splunk and then say "amount this much".
There is no such thing. It varies greatly depending on what you're logging, how detailed your logging is, what is the server's role, how heavily it's used and so on.
It's like asking "what's a typical vehicle's fuel consumption".