This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Total size of logs from an event source

Go to solution
VishamRawat
Beginner
Beginner

‎2019-07-30 07:59 AM

Is there any way to check or calculate the total amount of logs being sent from a particular event source?

For instance, the metered license usage shows the total size of log data streaming into SA, from all event sources. Is there a way to check how much log data (GB / day) is a particular event source, say a domain controller sending?

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2019-07-30 08:18 AM

Visham

 

You can run a report for 24 hours and get an idea of the total log size per device or per decoder

 

 

In the reporting engine create a rule with the following options:

 

Aggregation -> size

Select device.type or did or device.ip

Where medium=32

 

Run that for 24 hours and examine the results

 

Dave

View solution in original post

2 REPLIES 2

Go to solution
DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2019-07-30 08:18 AM

Visham

 

You can run a report for 24 hours and get an idea of the total log size per device or per decoder

 

 

In the reporting engine create a rule with the following options:

 

Aggregation -> size

Select device.type or did or device.ip

Where medium=32

 

Run that for 24 hours and examine the results

 

Dave

Go to solution
VishamRawat
Beginner
Beginner
In response to DaveGlover

‎2019-07-30 08:46 AM

Thanks Dave

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.