Is there a way to know what is the maximum storage capacity for events (Databases, Windows, RHLinux) in Security Analytics?
The best way to determine this would be to SSH into the Log Decoder itself and run the following command:
This is because, depending on hardware purchased or whether this is a virtual deployment, the sizes can vary greatly.
The above command would show the mounted file systems and their associated sizes. The one you are looking for is "packetdb". The available space will be 95% of its total; this is because we automatically roll information out when the size is 95% to ensure consistent capture.
All logs are stored in the packetdb as ".nwdb" files which are by default 4GB in size and will contain all logs ingested by the Log Decoder at that time.
Thank you so much for your answer!