Splunk efforts estimator is available for custom data source integartion? So that efforts can be calculated.
I have no idea what you mean by "effort" but maybe these?
https://www.splunk.com/blog/2015/02/18/splunk-sizing-made-easy.html https://www.splunk.com/blog/2014/05/07/splunk-sizing-and-performance-doing-more-with-more.html
Hi Wddocock,
Thanks for information.
By efforts I mean no of days estimation for device to be on-board on splunk. Based on device type and supported/unsupported. Each SIEM have excel sheet to estimate that. So i was looking for that.
I still do not understand. Do you mean how many days to keep the data before discarding it (this is called "retention")?
No. Its before integration of any data source with Splunk.
How much time(in days) it will take to integrate a set of data sources with Splunk.
We will calculate this depending upon type of data source. Hope this answer your question.
