08-30-2013 12:44 AM
Hi,
I'm putting together a costing to install Splunk for IronPort reporting, does anyone know of a good way to get an idea of the amount of logs we'd be indexing daily?
Best bet I can think of for the moment is to set it all up with a trial licence and see what I get, we'll be doing it anyway to confirm it does give us what we need.
If anyone has a better idea I'd be grateful.
Many thanks
Chris
Solved! Go to Solution.
08-30-2013 06:26 AM
We have recently started testing Splunk for the WSA also, be aware that the trail license only allows for the import of 500MB of log data per day. The amount of logs you would be indexing depends of the amount of traffic you generate and the size of you log files on a daily basis. Cisco does have a sizing doc based on the transaction numbers you generate.
We worked with our Cisco reps to determine the proper sizing that was needed for our envionment due to our large volume of traffic. I would reachout to you rep for the documentation if you are unable to find it on the website.
I hope this helps.
Dominick
08-30-2013 06:26 AM
We have recently started testing Splunk for the WSA also, be aware that the trail license only allows for the import of 500MB of log data per day. The amount of logs you would be indexing depends of the amount of traffic you generate and the size of you log files on a daily basis. Cisco does have a sizing doc based on the transaction numbers you generate.
We worked with our Cisco reps to determine the proper sizing that was needed for our envionment due to our large volume of traffic. I would reachout to you rep for the documentation if you are unable to find it on the website.
I hope this helps.
Dominick
08-30-2013 06:34 AM
Cheers, and the magin word "sizing" took me to the correct part of the document, which admittedly I hadn't read very thoroughly.
Great answer, we're going to chat with Splunk, I'll give our Cisco rep a call as well.
Thanks again,
Chris
08-30-2013 08:13 AM
I'm confused, because it seems that this is available on the box...
Couldn't you just ftp to the box, look at the files in the /accesslogs folder, and maybe do some math if you've tweaked the rollover time? Mine are configed to rollover nightly (which I think is the default), and they range form 800-980 meg a day...
Ken
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide