Cloud SIEM Log Ingestion Budget

Forecast hot storage spend for your cloud SIEM by pairing daily ingest, retention, compression savings, and per-GB pricing tiers.

  • Daily log volume: average volume of normalized logs generated per day before compression.
  • Retention days: number of days logs remain searchable or billed as hot storage.
  • Compression percentage: percentage of data removed through filtering, sampling, or compression.
  • Per-GB pricing: effective vendor rate per ingested gigabyte including contract discounts.

Forecast only — confirm with your SIEM vendor’s pricing schedule before budgeting.

Examples

  • 550 GB/day, 30-day retention, 25% compression, $0.28/GB ⇒ Monthly spend $3,465.00 storing 12,375.00 GB.
  • 200 GB/day, 90-day retention, 40% filtering, $0.20/GB ⇒ Monthly spend $2,160.00 with $1,440.00 saved via filtering.

FAQ

Does the calculator include burst day surcharges?

No — it models steady-state averages. Layer in an overage buffer manually if your workloads spike during incidents.

How can I compare hot vs. cold storage?

Duplicate the run with separate retention and cost-per-GB assumptions for each tier, then combine the outputs for a blended monthly cost.

What pricing should I enter for vendor discounts?

Use the effective contracted rate after any ingest commitments; this keeps the output aligned with procurement true-ups.

Does the result cover compute charges for analytics?

No — it focuses on ingestion and storage fees. Layer in search or analytics compute separately using your vendor's workload pricing calculator.

Additional Information

  • Daily log volume should reflect post-normalization size before vendor-side compression or deduplication.
  • Retention days multiplies effective daily volume to arrive at the total billable storage footprint in gigabytes.
  • Compression percentage represents log reductions from sampling, filtering, or gzip; leave at 0 for raw estimates.
  • Per-GB pricing should include any committed-use or marketplace discounts for accurate budgeting.
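
The arithmetic behind the examples and the hot vs. cold FAQ answer, as an added Python sketch that is not the calculator's own code. The names `Tier`, `blended`, and `overage_buffer_pct` are assumptions, and the cold-tier figures and the 10% buffer are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tier:
    """One storage tier; fields mirror the four inputs described on the page."""
    name: str
    daily_gb: float        # post-normalization volume, before any reduction
    retention_days: int
    reduction_pct: float   # filtering, sampling, or compression; 0 for raw
    rate_per_gb: float     # effective contracted rate

    def __post_init__(self):
        if min(self.daily_gb, self.retention_days, self.rate_per_gb) < 0:
            raise ValueError(f"{self.name}: inputs must be non-negative")
        if not 0 <= self.reduction_pct <= 100:
            raise ValueError(f"{self.name}: reduction_pct must be 0-100")

    def stored_gb(self):
        # Retention multiplies the effective (reduced) daily volume.
        return self.daily_gb * self.retention_days * (1 - self.reduction_pct / 100)

    def spend(self):
        return round(self.stored_gb() * self.rate_per_gb, 2)

    def saved(self):
        # Cost avoided by the reduction, relative to storing raw volume.
        raw_cost = self.daily_gb * self.retention_days * self.rate_per_gb
        return round(raw_cost - self.stored_gb() * self.rate_per_gb, 2)


def blended(tiers, overage_buffer_pct=0.0):
    """Combine per-tier spend, then add a manual buffer for burst days."""
    total = sum(t.spend() for t in tiers)
    return round(total * (1 + overage_buffer_pct / 100), 2)


# The page's two worked examples.
EXAMPLE_1 = Tier("hot", 550, 30, 25, 0.28)
EXAMPLE_2 = Tier("hot-90d", 200, 90, 40, 0.20)
# Constructed cold tier: same daily volume, cheaper rate, separate retention.
COLD = Tier("cold", 550, 60, 25, 0.05)

if __name__ == "__main__":
    for t in (EXAMPLE_1, EXAMPLE_2, COLD):
        print(f"{t.name}: {t.stored_gb():,.2f} GB, ${t.spend():,.2f}, saved ${t.saved():,.2f}")
    print(f"blended hot+cold with 10% buffer: ${blended([EXAMPLE_1, COLD], 10):,.2f}")
```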