In this post you will find the materials from todays session on Scaling and Sizing of Logpoint. 

Attached you will find the slides used in the presentation today and below you will find the relevant links: 

• Sizing helper download page: https://servicedesk.logpoint.com/hc/en-us/articles/360010077997-LogPoint-Sizing-Helper
• Rules of thumb: https://servicedesk.logpoint.com/hc/en-us/articles/360007454618-LogPoint-Sizing-Criteria-Rules-of-Thumb-2020-
• EPS estimate calculator: https://siemsizingcalculator.logpoint.com/
• SOAR sizing guidelines: https://docs.logpoint.com/docs/getting-started-with-soar/en/latest/

The system overview mentioned can be found in your logpoint environment under Settings  System  System Monitor. Besides that, you can use the following queries to get an overview of the system resource usage searching in the _logpoint repository: 

• Disk: logpoint_name=* device_ip="127.0.0.1" label="harddisk" mount_point="/opt/makalu/storage" | timechart max(use) by logpoint_name, mount_point  every 1 hour
• CPU: logpoint_name=* device_ip="127.0.0.1" label="CPU"| timechart avg(use) by logpoint_name every 10 minute
• Physical Memory: logpoint_name=* device_ip="127.0.0.1" label="memory physical"| timechart avg(use) by logpoint_name every 10 minute
• Virtual Memory: logpoint_name=* device_ip="127.0.0.1" label="memory virtual"| timechart avg(use) by logpoint_name every 30 minute
• Started reports: "source_name"="/opt/immune/var/log/report/report.log"  | process regex(".*status\=\s*(?P<status>.*?)\;",msg)   | search status=Started | chart count(status) as Startede_Rapporter
• Failed reports: "source_name"="/opt/immune/var/log/report/report.log"  | process regex(".*status\=\s*(?P<status>.*?)\;",msg)   | process regex(".*msg\=\s*(?P<message>.*)",msg)   | search status=Failed* | chart count(status) as Fejlede_Rapporter

Kind regards

Logpoint Training Team