In order for me to plan my elasticsearch cluster volume size needs I calculated EPS and EDS values for filebeat , and winlogbeat by checking the number of lines in the logs. But I can't seem to find a way to calculate how much data auditbeat and packetbeat generate a day.So my question is how can I find how much data or lines auditbeat and packetbeat generate a day.
Hi @0x90 welcome to the community.
Great question and we get asked it often and I agree we should provide some guidelines.
However I do this everyday for customers and what I find is the amount of traffic generated depends a lot on the sources and what activities is going on on them.
What I would recommend is set up on a handful of sources 3-5 that represent what you want to capture and let it run for a few days or week.
Then you can look at the indexes how many documents and their sizes and do a much better estimation of what a large scale deployment would look like.
Hope that helps a bit even though not the simple answer you are probably looking for.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.