
EventLog Analyzer Performance Optimization Guide


System resources calculation

Hosting EventLog Analyzer without adequate system resources may affect its ability to perform necessary tasks. Use the calculator below to approximately determine the hardware you’ll need for EventLog Analyzer to perform smoothly.



System resources optimization 


Disk space 

(a) Log volume-based optimization

The hard disk space required depends on the log volume generated in your environment. A high log flow rate calls for more disk space to store and process the logs. However, if the need for disk space is growing at an alarmingly rapid rate, check whether only the required logs are being collected. Making the changes below can reduce the need for disk space without compromising security.

  • Disable auditing of irrelevant Windows events.
  • Ensure that only the necessary syslogs are forwarded to the server.
  • Employ log collection filters to remove noise.

(b) Retention-based optimization

Archived data:

The log files processed by EventLog Analyzer are archived periodically for internal, forensic, and compliance audits.

You can configure the following as per your requirements:

  • Archiving interval
  • Type of logs that need to be archived
  • Storage location of the archived files
  • Retention period

The archive and index sizes for a specific time period depend on the total volume of raw logs generated during that time period. 

Archived data (Gz files)
  Default location: <Installation folder>/EventLog Analyzer/archive/archiveZipFiles
  Default retention: Forever
  Retention settings: To update or change the retention period, navigate to Settings → Admin → Archive Settings. Multiple archive configurations can be configured to customize the archive retention and storage settings.

Temporary log files (Flat files)
  Default location: <Installation folder>/EventLog Analyzer/archive/archiveFlatFiles
  Default retention: 1 day
  Retention settings: To update or change the zipping interval, navigate to Settings → Admin → Archive Settings → Zip Creation Interval. Multiple archive configurations can be configured to customize the zipping interval and storage settings.
  Compression: Data older than a day is automatically compressed in the ratio of 1:30 (i.e. a 30 GB file is compressed to 1 GB).

To optimize archive processing, you can configure the location of the flat file in local storage. Use the provided calculator to determine the necessary product disk space.

Note: To minimize disk space usage, you can decrease the frequency of zipping in archive settings even when the flat file location is configured locally.

Indexed data:

EventLog Analyzer indexes log data so that it can be searched and used to generate reports. There are two kinds of indexed data:

Raw indexed data: The raw index speeds up the search function but occupies more disk space.

Archived indexed data: The archived index slows down the search function but occupies less disk space.

Raw indexed data
  Default location: <Installation folder>/EventLog Analyzer/ES/data (when EventLog Analyzer is bundled with Log360: <Installation folder>/elasticsearch/es/data)
  Default retention: 32 days
  Retention settings: To update or change the retention period, navigate to Settings → Admin → Retention Settings.
  Compression: Data is compressed in the ratio of 1:1.5 (i.e. a 15 GB file is compressed to 10 GB).

Archived indexed data
  Default location: <Installation folder>/EventLog Analyzer/ES/archive (when EventLog Analyzer is bundled with Log360: <Installation folder>/elasticsearch/es/data)
  Default retention: Data older than 32 days
  Retention settings: To update or change the retention period, hit the URL.
  Compression: Index data (already compressed at 3:2) that is older than 32 days is automatically compressed further in the ratio of 1:1.65 (i.e. 5 GB of indexed data is compressed to 3 GB).
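To see how the retention periods and compression ratios above combine into a disk footprint, here is an added sizing estimate (example code written for this page, not the product's own calculator). The EPS, average event size and the 1e9-byte gigabyte are assumptions you supply; it also assumes the archived index is kept for the whole retention period.

```python
import math

# Retention and compression figures stated in this tuning guide
FLAT_FILE_DAYS = 1           # flat files sit about one day before being zipped
ZIP_RATIO = 30.0             # flat files zip at 1:30 (30 GB -> 1 GB)
RAW_INDEX_DAYS = 32          # default raw index retention
RAW_INDEX_RATIO = 1.5        # raw index is 1:1.5 of the raw log volume (15 GB -> 10 GB)
ARCHIVED_INDEX_RATIO = 1.65  # archived index shrinks the raw index a further 1:1.65 (5 GB -> 3 GB)
ES_NODE_GB_RANGE = (800.0, 1200.0)  # recommended data per ES node: 800 GB to 1.2 TB

GB = 1e9  # decimal gigabytes (assumption; adjust if you size in GiB)


def estimate_disk_gb(eps: float, avg_event_bytes: float, retention_days: int) -> dict:
    """Rough per-component disk footprint over the retention period.

    eps and avg_event_bytes describe your own environment (the guide lists EPS
    per log type but no event size); the archived index is assumed to be kept
    for the full retention period.
    """
    if eps <= 0 or avg_event_bytes <= 0 or retention_days <= 0:
        raise ValueError("eps, avg_event_bytes and retention_days must be positive")
    daily_raw_gb = eps * avg_event_bytes * 86400 / GB

    # Archive tier: uncompressed flat files for ~1 day, everything older is zipped.
    flat_days = min(FLAT_FILE_DAYS, retention_days)
    zip_days = retention_days - flat_days
    # Index tier: raw index for 32 days, then re-compressed into the archived index.
    raw_idx_days = min(RAW_INDEX_DAYS, retention_days)
    arch_idx_days = retention_days - raw_idx_days

    flat_gb = flat_days * daily_raw_gb
    zip_gb = zip_days * daily_raw_gb / ZIP_RATIO
    raw_index_gb = raw_idx_days * daily_raw_gb / RAW_INDEX_RATIO
    archived_index_gb = arch_idx_days * daily_raw_gb / (RAW_INDEX_RATIO * ARCHIVED_INDEX_RATIO)
    es_gb = raw_index_gb + archived_index_gb

    return {
        "daily_raw_gb": daily_raw_gb,
        "flat_gb": flat_gb,
        "zip_gb": zip_gb,
        "raw_index_gb": raw_index_gb,
        "archived_index_gb": archived_index_gb,
        "total_gb": flat_gb + zip_gb + es_gb,
        # Node count range: 1.2 TB nodes give the minimum, 800 GB nodes the maximum.
        "es_nodes_min": math.ceil(es_gb / ES_NODE_GB_RANGE[1]),
        "es_nodes_max": math.ceil(es_gb / ES_NODE_GB_RANGE[0]),
    }
```

For a constructed case of 1,000 EPS of roughly 500-byte events kept for a year, `estimate_disk_gb(1000, 500, 365)` attributes most of the footprint to the archived index rather than the zipped archive, which is why the ES node count is the first thing to check.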


CPU: The need for CPU power depends on the log volume, existing alert profiles, and correlation rules in place. If CPU usage is abnormal, do the following:

  • Set up policies to forward only the required logs. 
  • Review and ensure that only the required alert profiles and correlation rules are in place.

RAM: Correlation is a RAM-intensive process, so make sure that only the necessary correlation rules are in use. 

Note: It is recommended to split the load across multiple ES nodes, with each node handling 800 GB to 1.2 TB of data.

System Resources Calculator

The calculator takes the following inputs. Events per second (EPS) for each log source:

  • Windows logs
  • Type 1 syslogs (Linux, HP, pfSense, Juniper)
  • Type 2 syslogs (Cisco, SonicWall, Huawei, Netscreen, Meraki, H3C)
  • Type 3 syslogs (Barracuda, Fortinet, Check Point)
  • Type 4 syslogs (Palo Alto, Sophos, F5, Firepower and other logs)

Other inputs:

  • Data to be stored for: the raw archive data retention period (cannot be 0)
  • CPU cores
  • Disk type
  • Network card capacity
  • CPU architecture

Disk space: The disk space allocated for this product includes archive flat files that will be compressed into zip files within the next one or two days. To minimize the space occupied, you may consider decreasing the zipping interval of the archives in the archival settings. The result is broken down into product, ES, and archive space.
