Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What's the average size for a log file?

nmensah
Explorer
‎03-14-2016 12:40 PM

Hello everyone. I'm just trying to get a ball park estimate here. Granted everything is set to default, what do you think is the general log file size for the following logs:

Window 2012 Server log size:
Unix Server log size:
ESX log size:

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎03-14-2016 08:18 PM

Size is relative to what you're doing. In one index we have very little log data so I allow multiple lines to combine into one which makes it much easier to read compared to having 1 line per single lined event which could get messy if you have a high frequency of them. In another index we have web service calls so the event size is the start of the xml request to the end of the xml reqest, then the start of the xml response to the end of the xml response. So it will vary depending on what your ingesting and preference..

TIP!
You can edit the event size adding/modifying a stanza to your props.conf file on the indexer

http://docs.splunk.com/Documentation/Splunk/6.2.2/Data/Indexmulti-lineevents

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎03-14-2016 01:39 PM

There is no generic average that makes sense to use without any context, activity on the servers matters.

Grab a free copy of Splunk, install on some machine, connect logs, wait for a few days, measure what you have.

Reply

lguinn2
Legend
‎03-14-2016 02:16 PM

I second Martin's answer. Also note that you have control, in most cases, of how large log files can become before they roll/rotate. On many Linux servers, the utility that controls this is called logrotate.

For best performance and managing disk space, I would probably roll my log files at 5BM or even less. Just be sure to keep at least the current log and the previous log.

0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top