Estimate log volume from Application

Hi,

I would like to do an estimation of the log volume generated from applications to ingest, in order to reserve capacity, considering some applications like antivirus, database, ...

Is there a procedure to do that? Some calculator online?
Thank you

Lgab

3 Replies

@Lgab_siem So far the only thing I found is an estimation of how much data Azure AD creates per person. I have not seen anything else. Hopefully something will come along in the near future as that is a big ask of my customers as well.

Hi @Lgab_siem, there are online tools out there that will give you an estimation depending on the log sources. For example: https://siemsizingcalculator.logpoint.com/

If you want to monitor a custom-built application, I would suggest redirecting the logs to disk and seeing the size of them over a 24-hour period... that should give you a good idea.

Regards

@Lgab_siem Log Analytics workspaces have a Usage table where you can see how much data you are ingesting. I would recommend sending logs for a week and checking the usage for calculation.
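
The Usage-table approach from the last reply, as an added example query that is not part of the original thread. It assumes one week of trial ingestion and counts only complete days, so partial days at either end do not skew the average.

```kusto
// Added example: per-table daily ingestion from the workspace Usage table.
// Quantity in the Usage table is reported in MB; divide by 1000 for GB.
let lookback = 7d;   // assumption: one week of trial ingestion, as suggested in the thread
Usage
// Keep only complete days: from midnight 7 days ago up to midnight today.
| where TimeGenerated >= startofday(ago(lookback)) and TimeGenerated < startofday(now())
// Only billable data counts toward reserved capacity.
| where IsBillable == true
// First pass: total GB per day for each table (DataType).
| summarize DailyGB = sum(Quantity) / 1000.0 by Day = bin(TimeGenerated, 1d), DataType
// Second pass: average and peak day per table, plus how many days had data.
| summarize AvgDailyGB = round(avg(DailyGB), 3),
            PeakDailyGB = round(max(DailyGB), 3),
            DaysWithData = count()
        by DataType
| order by AvgDailyGB desc
```

Size the reservation against the sum of `AvgDailyGB` across tables, and compare it with `PeakDailyGB` to see how much headroom bursty sources need.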