View Security Analytics and Logging Storage Usage and Event Ingest Rate

View the current Security Analytics and Logging storage utilization and analyze event logging trends. You can analyze the storage utilization trends by event type, device type, and individual devices to gain deeper insights into storage utilization patterns. Use the data visualizations for quick and easy analysis, enabling you to assess the current storage capacity and take measures to reduce the logging rate if the storage utilization approaches the limits that are specified in your Security Analytics and Logging license.

Procedure

Step 1

From the left navigation bar, click Administration > Logging Settings.

Step 2

Click View Logging Storage Usage.

Tip

Alternatively, navigate to Events & Logs > Events > Event Logging from the left navigation bar, and then click the Storage Utilization button to view the Security Analytics and Logging storage usage and event ingestion trends.

Step 3

Use the following dashboards to customize and analyze the storage utilization and gain more insights into the event logging trends in your firewall deployment:

  • Usage Trends: Displays the event logging storage usage for the last 12 months. Hover over a bar to see the data usage for the corresponding month.

  • Events per second (EPS) trends: Displays the event ingest rate for the onboarded devices. Customize your events per second trends view for a specific time period or for a specific device to get more granular data. You can filter the data for the last 1 week, 2 weeks, 3 weeks, or 1 month.

    Note

    The device drop-down list displays the threat defense devices that are sending events to the Cisco Security Cloud.

  • Utilization by event type trends: Displays event data storage used, in bytes per day, for different threat defense event types. Use this widget to monitor storage use by event types and identify surges, if any, or unusual changes in storage use for specific event types. This insight enables you to adjust logging settings for a specific event type and manage storage use.

  • Utilization by device type trends: Displays event data storage used, in bytes per day, for ASA and threat defense device types. Use this widget to monitor storage use by the device type and identify surges, if any, or unusual changes in storage use for a specific type of device.

  • Utilization by device trends: Displays event data storage used, in bytes per day, for each security device that sends events to Security Cloud Control. This widget focuses on devices with storage use exceeding the average bytes per second value, showing only the top five devices to improve usability. Use this widget to monitor storage use for each device and identify surges or unusual changes. This insight allows you to adjust logging settings for specific devices and manage storage use effectively.