Re: What's the difference between an event and a l...

aruncp333 · ‎09-06-2019

Can anyone explain me what's the difference between an event and a log.

According to me, an event is set of logs generated after matching a correlation.

woodcock · ‎09-09-2019

Really you have 3 terms event, log, and result.

An event is a thing that happened anywhere at any time. It might be in Splunk and it might not. A log is the digital exhaust of that event; it is the plain-text vestige that indicates than an event happened. A result is each thing that is returned from a Splunk search.

aruncp333 · ‎09-07-2019

That's interesting, Dal.

Further I have a follow up question.

Question: How can I propose splunk sizing if the customer is having existing solution in terms of events per second (EPS).

Let's say, 1000,000EPS conversion to Splunk/day license sizing.

Thanks in advance.

DalJeanis · ‎09-06-2019

An "event" is any one record returned from an index or search. It could be a single log, or a single record that contains a count of logs, or a single record that says "100".

A "log" is a specific type of event, specifically documenting that something happened at a particular time.

What's the difference between an event and a log

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation