Hi guys,
Is the EPS licence calculated based on the number of events received by the SIEM or the number of parse events? A log source receives 500 events per second and 200 are dropped and only 300 are processed. Will the EPS licence be 300 or 500 here?
Hello,
FortiSIEM will re-allocate excess EPS (license minus the sum of Guaranteed EPS over all the collectors) based on need but the allocation will never go below the Guaranteed EPS
It will use whatever it needs to up to the licensed cap. If you deploy other Collectors, then now only the remaining EPS is guaranteed .
hope this answers the question
In other words, if an event is dropped, for example, if we make an event drop, is the EPS used here the first one to arrive or the one that is parsed and left behind?
I'm sorry but Im not following this question. Events that are dropped wont get parsed, EPS represents the rate at which events are generated and processed by a specific client or device within the network
Please look to the guide for better understanding
Understanding EPS (Events Per Second) by ... - Fortinet Community
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.