I am putting a business case together for getting a SIEM into my organisation. I have looked at a number of options and I am trying to get some ball park prices to include. Given that splunk works on a data consumption model, of $2,070 PA for 1GB per day. I was wondering how I would go about calculating an estimate of how much data my organisation would send to splunk? Is there any kind of model for this? Something that I can use to work out how much data my organisation will send splunk per day. I.e a model that will guestimate that X number of Windows 7 clients send an average of Y MB per day, X number Windows Domain Controllers will send Y MB per day, X NGFW will send Y MB per day etc. etc. ... View more