Why is Event Log Management so painful?
Let’s start with the obvious answer: There’s an inordinate amount of data. According to Gartner, a medium-sized enterprise creates 20,000 messages per second of operational data in activity logs. In a single 8-hour day this comes to 500 million messages, adding up to more than 150 GB of operational data.
Now, this may not accurately represent your environment, but it evokes the same emotions you already feel when you think about your servers and all the logs they contain (and your head begins to spin).
The second obvious answer: Finding the needle in the proverbial event log haystack. Make that haystacks – you’re responsible for monitoring multiple servers, multiple logs, and multiple events. And once you have a grasp on all the data you need to search through, you need to determine what you are supposed to look for: is it the event ID, the description, or the source? Which query will provide a meaningful result?
This whitepaper looks at five aspects of Event Log Management that cause pain and how to simplify them.