Splunk Enterprise

Does any champ here has an estimate of size of data ingest into Splunk for an average server on Daily basis? Thx a mill.

SamHTexas
Builder

Am preparing a report & need to estimate amount of data from an average say Microsoft or Linux (RHEL) server into Splunk on daily basis please. Just a rough estimate. Say the data includes logs & DBs. Thanks a million

Labels (1)
Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The internal logs have per-host throughput metrics that may get you started.  You'll have map hosts to OS yourself, however.

index=_index component=Metrics group=per_host_thruput
---
If this reply helps you, Karma would be appreciated.

SamHTexas
Builder

Thanks very much as usual bro. How would I estimate this size of ingestion from a remote server that does not have Splunk on it. Am trying to get an rough estimate of an average server sending my company daily Windows + Linux logs + DBs. Thanks a bunch.

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Look at comparable servers that are sending to Splunk and then say "amount this much".

---
If this reply helps you, Karma would be appreciated.
0 Karma

PickleRick
SplunkTrust
SplunkTrust

There is no such thing. It varies greatly depending on what you're logging, how detailed your logging is, what is the server's role, how heavily it's used and so on.

It's like asking "what's a typical vehicle's fuel consumption".

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...