Objective

Prerequisites

• Administrative access to the EventLog Analyzer portal.
  

Steps to follow

1. Navigate to the Search tab in EventLog Analyzer.
   
2. Select the log type you want to analyze and set the date range to Last 7 Days.
   
3. Identify the day with the highest number of logs for the selected log type. The graph will display the total logs for each day when hovered over.
   
   
4. Click on the graph for that day to drill down into an hourly breakdown.
   
   
   
5. From the hourly split, identify the hour with the highest log flow.
   
   
   
6. Drill further into that hour to view the minute-wise breakdown and identify the minute with the most logs.
   
7. Finally, drill down into that minute to view the second-wise breakdown, and identify the second with the maximum number of logs received.
   
   
8. The value obtained here represents the maximum Events Per Second (EPS)
   
   
9. For example, if the total Windows log flow rate from all Windows-based machines is between 2,500 and 3,000, it is considered high. Follow the system requirements under the High Flow Category section in the System Requirements document.
   
   
   
   
   
10. Repeat these steps for each log type (Windows, Unix, Cisco, etc.) to determine the EPS for all sources.

Tips

• Repeat the EPS calculation periodically to account for changes in log volume.
• Focus on peak log flow hours for accurate resource estimation.
• Document the EPS for each log type to plan CPU, RAM, and storage requirements effectively.
• Use these values to decide if scaling the server or adding additional resources is necessary.
• Expect the nearest accurate EPS value when the folder <ManageEngine>\EventLogAnalyzer\ES\Cachedrecord is empty.

Related articles and topics

• Tuning guide 
• System requirements
• VM Infrastructure