How to estimate bandwidth requirements for EventLog Analyzer deployment

Objective

Understanding bandwidth requirements is essential for effective deployment and performance tuning of EventLog Analyzer. Bandwidth usage varies based on how logs are collected (agent-based vs. agentless), the EPS rate, and client-server communication. This document outlines how to estimate the bandwidth consumed during log collection, client access, and search and report activities.

Steps to follow

Bandwidth between log source and server  

Log collection requires dedicated bandwidth, and its usage depends on:
  • Events per second (EPS) rate.
  • Log collection method used (agent-based vs. agentless).

Compression behavior:
  • Agent-based collection: Logs are compressed up to 10x (actual ratio varies by log format and structure).
  • Agentless collection: No compression is applied.

Calculation example:
  • Agentless collection:
    Bandwidth ≈ log size generated per second
    e.g., 900 bytes/event (Windows logs) × 3000 EPS = 2.7 MB/sec
  • Agent-based collection:
    Bandwidth ≈ log size generated per second ÷ 10 (at the maximum 10x compression)
    e.g., 2.7 MB/sec ÷ 10 = 0.27 MB/sec

Bandwidth between client and server  

  • Initial load requires approximately 15MB.
  • After loading, ongoing usage is minimal and not significantly impacted by deployment type.

Bandwidth between Elasticsearch and server  

  • Usage depends on the complexity of the search query.
  • Simple reports and alerts consume minimal bandwidth.
  • Scheduled reports may temporarily spike bandwidth usage depending on the number of logs and the export format (e.g., large CSV files).

Tips  

  • Use agent-based collection wherever possible for bandwidth efficiency.
  • Monitor EPS and average log size to calculate bandwidth needs accurately.
  • Plan for temporary spikes in bandwidth during scheduled reports or heavy search queries.
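
The calculation above and the tip on monitoring EPS and average log size can be combined into a small sizing script. This is an added example, not ManageEngine code: the function names, the constructed sample capture, and the adjustable compression ratio are assumptions. It goes slightly beyond the article by reporting peak EPS alongside the average and by converting the total to Mbit/s.

```python
from collections import Counter

MAX_COMPRESSION = 10  # article: agent-based logs are compressed up to 10x

# Constructed sample: (epoch second, raw event bytes) captured at one log source.
SAMPLE = [(100, b"x" * 900)] * 3 + [(101, b"x" * 900)] + [(102, b"x" * 900)] * 2

def profile(sample):
    """Return (average EPS, peak EPS, average event size in bytes) for a capture."""
    per_second = Counter(int(ts) for ts, _ in sample)
    if not per_second:
        raise ValueError("empty sample")
    span = max(per_second) - min(per_second) + 1  # seconds covered, idle ones included
    avg_size = sum(len(raw) for _, raw in sample) / len(sample)
    return len(sample) / span, max(per_second.values()), avg_size

def bandwidth(event_bytes, eps, method, ratio=MAX_COMPRESSION):
    """Bytes per second between log source and server, per the article's formulas."""
    raw = event_bytes * eps
    if method == "agentless":
        return raw  # no compression is applied
    if method == "agent":
        if ratio < 1:
            raise ValueError("compression ratio must be >= 1")
        return raw / ratio  # ratio=10 is the best case; measured ratios may be lower
    raise ValueError(f"unknown collection method: {method!r}")

def link_mbit(sources, ratio=MAX_COMPRESSION):
    """Total requirement in Mbit/s for [(event_bytes, eps, method), ...]."""
    total = sum(bandwidth(size, eps, method, ratio) for size, eps, method in sources)
    return total * 8 / 1_000_000

if __name__ == "__main__":
    avg_eps, peak_eps, avg_size = profile(SAMPLE)
    print(f"sample: avg {avg_eps:.1f} EPS, peak {peak_eps} EPS, {avg_size:.0f} B/event")
    # Constructed inventory: one agentless and one agent-based source,
    # both at the article's 900 bytes/event and 3000 EPS.
    inventory = [(900, 3000, "agentless"), (900, 3000, "agent")]
    for ratio in (10, 4):  # best case from the article, then a hypothetical lower ratio
        print(f"compression {ratio}x: {link_mbit(inventory, ratio):.2f} Mbit/s")
```

Sizing on the peak EPS rather than the average leaves headroom for bursts, and rerunning with a compression ratio measured in your own environment shows how far the result moves from the 10x best case.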
 
