Skip to main content
Skip table of contents

LogRhythm Reference Architecture

Gen5 Reference Architecture

The tables in this section describe LogRhythm appliance platforms and performance specifications for each. You can use this information to determine what kind of systems you will use for installing LogRhythm.

New installations of the Data Indexer are only supported on the Linux platform. The Data Indexer is only supported on Windows in an XM configuration.

SAN storage is supported only in LogRhythm's software only solution and not in LogRhythm appliances. With respect to appliances, SAN storage is supported only for inactive archives.

In the tables that follow, Allocation Unit Size is abbreviated as AUS. Where not otherwise specified, default AUS is expected.

Appliance Reference Architecture

Data Collector

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

LR-DC3500 Series

Sustained Collection Rate: 10,000

Burst Collection Rate: 25,000

  • 1 x 3.6 GHz 4 Core CPU

  • 8 vCPU

  • 16 GB RAM

  • H730P RAID controller

  • 2 x 1 Gigabit Ethernet NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 300 GB 10K RPM SAS RAID 1

  • Hardware IOPS: 150

  • Recommended IOPS: 150

Virtual Disk:

  • 278 GB usable

Logical Volume:

  • C Drive (200 GB)

  • D Drive (78 GB)

not applicable

LR-DC3501 Series

Sustained Collection Rate: 10,000

Burst Collection Rate: 25,000

  • 1 x 2.6 GHz 8 Core CPU

  • 16 vCPU

  • 32 GB RAM

  • H755 RAID controller

  • 2 x 1 Gigabit Ethernet NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 2 x 480 GB SSD SATA

  • 1 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 500

Virtual Disk:

  • 440 GB usable

Logical Volume:

  • S Drive (390 GB)

  • T Drive (50 GB, 64K AUS)

Web Console

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

LR-WC3500 Series

Web Console:

  • Max Event Rate: 1,000

  • Max Concurrent Users: 35

  • Hardware: 1 x 2.3 GHz 16 Core CPU

  • Min: 16vCPU Hardware: 32 vCPU

  • Min: 32 GB RAM Hardware: 48 GB RAM

  • H750 RAID controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 2 x 480 GB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 1,000

Virtual Disk:

  • 480 GB usable

Logical Volume:

  • D Drive (480 GB)

LR-WC3501 Series

Web Console:

  • Max Event Rate: 1,000

  • Max Concurrent Users: 35

  • 1 x 2.6 GHz 8 Core CPU

  • 16 vCPU

  • 32 GB RAM

  • H755 RAID controller

  • 2 x 1 Gigabit Ethernet NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 2 x 480 GB SSD SATA

  • 1 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 500

Virtual Disk:

  • 440 GB usable

Logical Volume:

  • S Drive (390 GB)

  • T Drive (50 GB, 64K AUS)

XM

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

Disk/Vol 3 Config

LR-XM4500 Series
(combined PM, DP, DX, AIE, Web, DC)

Data Processor:

  • Max Processing Rate: 2,000

AI Engine:

  • Max Processing Rate: 2,000

Data Indexer:

  • Indexing Rate: 2,000

Platform Manager:

  • Max LogMart Rate: 20

  • Max Events Rate: 20

Web Console:

  • Max Concurrent Users: 5

  • 1 x 2.2 GHz 10 Core CPU

  • 20 vCPU

  • 96 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 6 x 600 GB 10K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 450

  • Recommended IOPS: 450

Virtual Disk:

  • 2.2 TB usable

Logical Volume:

  • D Drive (2033 GB, 64K AUS)

  • L Drive (150 GB, 64K AUS)

Physical Disk:

  • 2 x 480 GB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 500

Virtual Disk:

  • 440 GB usable

Logical Volume:

  • S Drive (390 GB)

  • T Drive (50 GB, 64K AUS)

LR-XM6500 Series
(combined PM, DP, DX, AIE, Web, DC)

Data Processor:

  • Max Processing Rate: 5,000

AI Engine:

  • Max Processing Rate: 5,000

Data Indexer:

  • Max Indexing Rate: 5,000

Platform Manager:

  • Max LogMart Rate: 100

  • Max Events Rate: 100

Web Console:

  • Max Concurrent Users: 10

  • 2 x 2.2 GHz 10 Core CPU

  • 40 vCPU

  • 192 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 14 x 1.2 TB 10K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 1233

  • Recommended IOPS: 1233

Virtual Disk:

  • 13600 GB usable

Logical Volume:

  • D Drive (13000 GB, 64K AUS)

  • L Drive (600 GB, 64K AUS)

Physical Disk:

  • 2 x 480 GB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 1,000

Virtual Disk:

  • 440 GB usable

Logical Volume:

  • S Drive (390 GB)

  • T Drive (50 GB, 64K AUS)

LR-XM8500 Series
(combined PM, DP, DX, AIE, Web, DC)

Data Processor:

  • Max Processing Rate: 10,000

AI Engine:

  • Max Processing Rate: 10,000

Data Indexer:

  • Max Indexing Rate: 10,000

Platform Manager:

  • Max LogMart Rate: 200

  • Max Events Rate: 200

Web Console:

  • Max Concurrent Users: 15

  • 2 x 3.0 GHz 12 Core CPU

  • 48 vCPU

  • 256 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 24 x 1.2 TB 10K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 2538

  • Recommended IOPS: 2538

Virtual Disk:

  • 24568 GB usable

Logical Volume:

  • D Drive (23568 GB, 64K AUS)

  • L Drive (1000 GB, 64K AUS)

Physical Disk:

  • 2 x 800 GB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 1,500

Virtual Disk:

  • 736 GB usable

Logical Volume:

  • S Drive (686 GB)

  • T Drive (50 GB, 64K AUS)

Platform Manager

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

Disk/Vol 3 Config

Disk/Vol 4 Config

LR-PM5500 Series

Platform Manager:

  • Max LogMart Rate: 800

  • Max Events Rate: 400

AI Engine:

  • Max MPS Rate: 20,000

Web Console:

  • Max Concurrent Users: 15

  • 1 x 2.2 GHz 10 Core CPU

  • 20 vCPU

  • 128 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 8 x 600 GB 15K RPM SAS

  • RAID 10

  • Hardware IOPS: 1,128

  • Recommended IOPS: 1,128

Virtual Disk:

  • 2200 GB usable

Logical Volume:

  • D Drive (2000 GB, 64K AUS)

  • L Drive (200 GB, 64K AUS)

Physical Disk:

  • 2 x 480 GB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 500

Virtual Disk:

  • 440 GB usable

Logical Volume:

  • S Drive (390 GB)

  • T Drive (50 GB, 64K AUS)

not applicable

LR-PM7500 Series

Platform Manager:

  • Max LogMart Rate: 2,000

  • Max Events Rate: 1,000

AI Engine:

  • Max MPS Rate: 30,000

Web Console:

  • Max Concurrent Users: 35

  • 2 x 2.6 GHz 12 Core CPU

  • 48 vCPU

  • 196 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 18 x 900 GB 15K RPM SAS

  • RAID 10

  • Hardware IOPS: 2538

  • Recommended IOPS: 2538

Virtual Disk:

  • 7452 GB usable

Logical Volume:

  • D Drive (7452 GB, 64K AUS)

Physical Disk:

  • 4 x 900 GB 15K RPM SAS

  • RAID 10

  • Hardware IOPS: 564

  • Recommended IOPS: 564

Virtual Disk:

  • 1656 GB usable

Logical Volume:

  • L Drive (1656 GB, 64K AUS)

Physical Disk:

  • 2 x 960GB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 1,000

Virtual Disk:

  • 920 GB usable

Logical Volume:

  • S Drive (870 GB)

  • T Drive (50 GB, 64K AUS)

Data Processor

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

Disk/Vol 3 Config

LR-DP5500 Series

Data Processor:

  • Max Processing Rate: 15,000

  • 1 x 2.6 GHz 12 Core CPU

  • 24 vCPU

  • 64 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 4 x 2 TB 7.2K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 148

  • Recommended IOPS: 148

Virtual Disk:

  • 3.6 TB usable

Logical Volume:

  • D Drive (3.6 TB)

Physical Disk:

  • 2 x 960GB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 750

Virtual Disk:

  • 920 GB usable

Logical Volume:

  • S Drive (920 GB)

LR-DP7500 Series

Data Processor:

  • Max Processing Rate: 40,000

  • 2 x 3.0 GHz 12 Core CPU

  • 48 vCPU

  • 128 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 8 x 2 TB 7.2K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 395

  • Recommended IOPS: 395

Virtual Disk:

  • 11 TB usable

Logical Volume:

  • D Drive (11 TB)

Physical Disk:

  • 2 x 1.92 TB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 1500

Virtual Disk:

  • 1.8 TB usable

Logical Volume:

  • S Drive (1.8 TB)

Data Indexer

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

LR-DX3500 Series

Data Indexer:

  • Pinned Indexing Rate: 5,000

  • Clustered Indexing Rate: 3000/node

  • 1 x 2.3 GHz 12 Core CPU

  • 24 vCPU

  • 64 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Rocky 9.0+

Red Hat Enterprise Linux 9.0+

CentOS 7.4+

Red Hat Enterprise Linux 7.4+

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Volume Size:

/

200 GB

Physical Disk:

  • 10 x 1.2 TB 10K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 793

  • Recommended IOPS: 793

Virtual Disk:

  • 8.8 TB usable

Logical Volume:

  • Data Drive (8.8TB)

Volume Size:

/usr/local/logrhythm

8800 GB

LR-DX5500 Series

Data Indexer:

  • Pinned Indexing Rate: 10,000

  • Clustered Indexing Rate: 6,000/node

  • 1 x 2.6 GHz 14 Core CPU

  • 28 vCPU

  • 128 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Rocky 9.0+

Red Hat Enterprise Linux 9.0+

CentOS 7.4+

Red Hat Enterprise Linux 7.4+

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Volume Size:

/

200 GB

Physical Disk:

  • 16 x 1.2 TB 10K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 1410

  • Recommended IOPS: 1410

Virtual Disk:

  • 15.45 TB usable

Logical Volume:

  • Data Drive (15.45 TB)

Volume Size:

/usr/local/logrhythm

16000 GB

LR-DX7500 Series

Data Indexer:

  • Pinned Indexing Rate: 20,000

  • Clustered Indexing Rate: 12,000/node

  • 2 x 2.6 GHz 14 Core CPU

  • 56 vCPU

  • 256 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gigabit Ethernet NICs

  • 2 x 1 Gigabit Ethernet NICs

Rocky 9.0+

Red Hat Enterprise Linux 9.0+

CentOS 7.4+

Red Hat Enterprise Linux 7.4+

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWDP

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Logical Volume:

  • OS Drive (546 GB)

Volume Size:

/

200 GB

Physical Disk:

  • 26 x 1.92 TB SSD SATA

  • 3 DWPD

  • RAID 5 + 1 HS

  • Hardware IOPS: 85000

  • Recommended IOPS: 2750

Virtual Disk:

  • 39 TB usable

Logical Volume:

  • Data Drive (39 TB)

Volume Size:

/usr/local/logrhythm

39 TB

LR-DXW5120

Data Indexer:

  • Max Indexing Rate: 0

  • 1 x 2.2 GHz 10 Core CPU

  • 20 vCPU

  • 128 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gigabit Ethernet NICs

  • 2 x 1 Gigabit Ethernet NICs

Rocky 9.0+

Red Hat Enterprise Linux 9.0+

CentOS 7.4+

Red Hat Enterprise Linux 7.4+

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150 

Virtual Disk:

  • 220 GB usable 

Logical Volume:

  • OS Drive (220 GB)

Volume Size:

/

200 GB

Physical Disk:

  • 12 x 12 TB 7.2K RPM SATA

  • RAID 5 + 1 HS

  • Hardware IOPS:  750

  • Recommended IOPS: 750

Virtual Disk:

  • 108 TB usable

Logical Volume:

  • Data Drive (108 TB)

Volume Size:

/usr/local/logrhythm

108TB

AI Engine

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

LR-AIE7500 Series

AI Engine:

  • Max MPS: 75,000

  • Max Number of Rules: 2,000

  • 2 x 3.0 GHz 12 Core CPU

  • 48 vCPU

  • 128 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

Windows 2019 or 2022 Standard Edition

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 2 x 2 TB SSD SATA

  • 3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 2,000

Virtual Disk:

  • 1.8 TB usable

Logical Volume:

  • S Drive (1.8 TB)

Network Monitor

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

LR-NM3500

1 Gb Network Monitor

  • 1 x 2.3 GHz 12 Core CPU

  • 24 vCPU

  • 64 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

CentOS 7.6 or Red Hat Enterprise Linux 7

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 8 x 600 GB 10K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 717

  • Recommended IOPS: 717

Virtual Disk:

  • 3312 GB usable

Logical Volume:

  • Data Drive (3312 GB)

LR-NM5500

5 Gb Network Monitor

  • 2 x 2.6 GHz 14 Core CPU

  • 56 vCPU

  • 128 GB RAM

  • PERC H750 RAID Controller with 8GB Cache

  • 2 x 10 Gb/s NICs

  • 2 x 1 Gb/s NICs

CentOS 7.6 or Red Hat Enterprise Linux 7

Physical Disk:

  • 2 x 240 GB M.2 SSD

  • 0.3 DWPD

  • RAID 1

  • Hardware IOPS: 85,000

  • Recommended IOPS: 150

Virtual Disk:

  • 220 GB usable

Logical Volume:

  • OS Drive (220 GB)

Physical Disk:

  • 24 x 600 GB 10K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 2115

  • Recommended IOPS: 2115

Virtual Disk:

  • 12284 GB usable

Logical Volume:

  • Data Drive (12232 GB)

Storage Arrays

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

SANM5026 (direct attached storage for NM)

12 Gbps SAS

PERC H840 RAID Controller with 8 GB Cache

not applicable

Physical Disk:

  • 24 x 1.2 TB 10K RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 2538

Virtual Disk:

  • 24464 GB usable

Logical Volume:

  • Data Drive (24464 GB)

not applicable

SAAR5120 (direct attached storage for archives)

12 Gbps SAS

PERC H840 RAID Controller with 8 GB Cache

not applicable

Physical Disk:

  • 12 x 12 TB 7200 RPM SAS

  • RAID 5 + 1 HS

  • Hardware IOPS: 1135

Virtual Disk:

  • 120 TB usable

Logical Volume:

  • Archive Drive (120 TB)

not applicable

SAPM5020 (direct attached storage for PM)

12 Gbps SAS

PERC H840 RAID Controller with 8 GB Cache

not applicable

Physical Disk:

  • 20 x 900 GB 15K RPM SAS

  • RAID 10

  • Hardware IOPS: 2820

Virtual Disk:

  • 8280 GB usable

Logical Volume:

  • E Drive (8280 GB)

Physical Disk:

  • 4 x 900 GB 15K RPM SAS

  • RAID 10

  • Hardware IOPS: 564

Virtual Disk:

  • 1656 GB usable

Logical Volume:

  • M Drive (1656 GB)

Virtual Sandboxes

The virtual platforms described in the table below are for labs/sandbox use only. They are not intended for production use.

Reference Platform

Performance (MPS)

Hardware

Operating System

Disk/Vol 1 Config

Disk/Vol 2 Config

LR-XMVS
(combined PM, DP, DX virtual server)

For labs/sandbox use only

Data Processor:

  • Max Processing Rate: 500

Data Indexer:

  • Max Indexing Rate: 500

Platform Manager:

  • Max LogMart Rate: 50

  • Max Events Rate: 25

  • 8 vCPU

  • 32 GB RAM

  • 1 NIC

Windows 2019 or 2022 Standard Edition

Disk:

  • Recommended IOPS: 150

Logical Volume:

  • C Drive (100 GB)

  • L Drive (20 GB, 64K AUS)

  • T Drive (10 GB, 64K AUS)

Disk:

  • Recommended IOPS: 150

Logical Volume:

  • D Drive (150 GB, 64K AUS)

LR-PMVS1
(dedicated PM virtual server)

For labs/sandbox use only

Platform Manager:

  • Max LogMart Rate: 50

  • Max Events Rate: 25

  • 4 vCPU

  • 16 GB RAM

  • 1 NIC

Windows 2019 or 2022 Standard Edition

Disk:

  • Recommended IOPS: 150

Logical Volume:

  • C Drive (100 GB)

  • L Drive (20 GB, 64K AUS)

  • T Drive (10 GB, 64K AUS)

Disk:

  • Recommended IOPS: 150

Logical Volume:

  • D Drive (150 GB, 64K AUS)

LR-DPVS1
(dedicated DP virtual server)

For labs/sandbox use only

Data Processor:

  • Max Processing Rate: 500

  • 4 vCPU

  • 8 GB RAM

  • 1 NIC

Windows 2019 or 2022 Standard Edition

Disk:

  • Recommended IOPS: 150

Logical Volume:

  • C Drive (100 GB)

  • D Drive (50 GB)

not applicable

LR-DXVS1
(dedicated DX virtual server)

For labs/sandbox use only

Data Indexer:

  • Max Indexing Rate: 500

  • 4 vCPU

  • 16 GB RAM

  • 1 NIC

CentOS 7.6 or Red Hat Enterprise Linux 7

Disk:

  • Recommended IOPS: 150

Logical Volume:

  • OS Drive (100 GB)

Disk:

  • Recommended IOPS: 150

Logical Volume:

  • Data Drive (150 GB)

AWS Platform Reference Architecture

AWS EC2 instances should be considered minimums. In some environments, higher performance instances may be required.

Data Collector

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

LR-DC3400

Sustained Collection Rate: 2,000-5,000

Burst Collection Rate: 10,000

Max Remote Windows Log Sources: 500

AWS: m6a.xlarge

vCPU: 4

Memory: 16GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 100 GB

Volume Size:

D Drive: 100 GB

Description:

State

XM

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

Disk/Vol Config 4

LR-XM4500 Series
(Combined PM/DP/DX/AIE/Web Server)

Data Processor:

  • Max Processing Rate: 2,000

AI Engine:

  • Max Processing Rate: 2,000

Data Indexer:

  • Indexing Rate: 2,000

Platform Manager:

  • Max LogMart Rate: 20

  • Max Events Rate: 20

Web Console:

  • Max Concurrent Users: 5

AWS: r6i.4xlarge

vCPU: 16

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 800 GB

Volume Size:

D Drive: 500 GB

S Drive: 100 GB

L Drive: 150 GB

T Drive: 50 GB

Description:

SQL DB / SQL Logs /

State / Temp

Disk Type:

gp3 - 1500 GB

Volume Size:

E Drive: 1500 GB

Description:

Elasticsearch Data

not applicable

LR-XM6500 Series
(Combined PM/DP/DX/AIE/Web Server)

Data Processor:

  • Max Processing Rate: 5,000

AI Engine:

  • Max Processing Rate: 5,000

Data Indexer:

  • Max Indexing Rate: 5,000

Platform Manager:

  • Max LogMart Rate: 100

  • Max Events Rate: 100

Web Console:

  • Max Concurrent Users: 10

AWS: m6a.12xlarge

vCPU: 48

Memory: 192GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 3000 GB

Volume Size:

D Drive: 2700 GB

S Drive: 250 GB

T Drive: 50 GB

Description:

SQL DB / State / Temp

Disk Type:

gp3 - 9000 GB

Volume Size:

E Drive: 9000 GB

Description:

Elasticsearch Data

Disk Type:

gp3 - 200 to 800 GB

Volume Size:

L Drive: 800 GB (if DR is used)

or

L Drive: 200 GB (if DR not used)

Description:

SQL Logs

LR-XM8500 Series
(Combined PM/DP/DX/AIE/Web Server)

Data Processor:

  • Max Processing Rate: 10,000

AI Engine:

  • Max Processing Rate: 10,000

Data Indexer:

  • Max Indexing Rate: 10,000

Platform Manager:

  • Max LogMart Rate: 200

  • Max Events Rate: 200

Web Console:

  • Max Concurrent Users: 15

AWS: m6a.16xlarge

vCPU: 64

Memory: 256GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 5000 GB

Volume Size:

D Drive: 4500 GB

S Drive: 450 GB

T Drive: 50 GB

Description:

SQL DB / State / Temp

Disk Type:

gp3 - 16000 GB

Volume Size:

E Drive: 16000 GB

Description:

Elasticsearch Data

Disk Type:

gp3 - 200 to 800 GB

Volume Size:

L Drive: 800 GB (if DR is used)

or

L Drive: 200 GB (if DR not used)

Description:

SQL Logs

Platform Manager

Reference Platform

Performance (MPS) 

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-PMC-Small

Platform Manager only:

  • Max Events Rate: 20

  • Max LogMart Rate: 0-Disabled

Deployments under 5000mps

DR/HA not supported

AWS:

r6i.xlarge

vCPU: 4

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 500 GB

Volume Size:

D Drive: 350 GB

L Drive: 50 GB

S Drive: 50 GB

T Drive 50 GB

Description:

SQL DB / SQL Logs / State / Temp

not applicable

LR-PMC-Large

Platform Manager only:

  • Max Events Rate: 100

  • Max LogMart Rate: 0-Disabled

Deployments between 5,000 to 10,000mps

DR/HA not supported

AWS:

m5a.2xlarge

vCPU: 8

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 1000 GB

Volume Size:

D Drive: 750 GB

L Drive: 100 GB

S Drive: 100 GB

T Drive 50 GB

Description:

SQL DB / SQL Logs / State / Temp

not applicable

LR-PM5500 Series

Platform Manager:

  • Max LogMart Rate: 800

  • Max Events Rate: 400

AI Engine:

  • Max MPS Rate: 20,000

Web Console:

  • Max Concurrent Users: 15

AWS:

r6i.4xlarge

vCPU: 16

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 1900 GB

Volume Size:

D Drive: 1600 GB

S Drive: 250 GB

T Drive 50 GB

Description:

SQL DB / State / Temp

Disk Type:

gp3 - 200 to 800 GB

Volume Size:

L Drive: 800 GB (if DR is used)

or

L Drive: 200 GB (if DR not used)

Description:

SQL Logs

LR-PM7500 Series

Platform Manager:

  • Max LogMart Rate: 2,000

  • Max Events Rate: 1,000

AI Engine:

  • Max MPS Rate: 30,000

Web Console:

  • Max Concurrent Users: 35

AWS:

m6a.8xlarge

vCPU: 32

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp2

Volume Size:

D Drive: 5000 GB

S Drive: 500 GB

T Drive 50 GB

Description:

SQL DB / State / Temp

Disk Type:

gp3 - 200 to 800 GB

Volume Size:

L Drive: 800 GB (if DR is used)

or

L Drive: 200 GB (if DR not used)

Description:

SQL Logs

DPAWC

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-DPAWC3500

Data Processor:

  • Max Processing Rate: 1,000

AI Engine:

  • Max Processing Rate: 1,000

Web Console:

  • Max Concurrent Users: 5

AWS: r6i.xlarge

vCPU: 4

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 150 GB

Volume Size:

S Drive: 150 GB

Description:

State

Disk Type:

sc1 - adjustable

Volume Size:

E Drive: 500 GB

Description:

Inactive Archives

(adjustable)

LR-DPAWC5500

Data Processor:

  • Max Processing Rate: 5,000

AI Engine:

  • Max Processing Rate: 5,000

Web Console:

  • Max Concurrent Users: 5

AWS: r6i.2xlarge

vCPU: 8

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 250 GB

Volume Size:

S Drive: 250 GB

Description:

State

Disk Type:

sc1 - adjustable

Volume Size:

E Drive: 1000 GB

Description:

Inactive Archives

(adjustable)

LR-DPAWC7500

Data Processor:

  • Max Processing Rate: 10,000

AI Engine:

  • Max Processing Rate: 10,000

Web Console:

  • Max Concurrent Users: 15

AWS: m6i.4xlarge

vCPU: 16

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 500 GB

Volume Size:

S Drive: 500 GB

Description:

State

Disk Type:

sc1 - adjustable

Volume Size:

E Drive: 2000 GB

Description:

Inactive Archives

(adjustable)

Data Processor

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-DP5500 Series

Data Processor:

  • Max Processing Rate: 15,000

AWS: c6i.8xlarge

vCPU: 32

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 500 GB

Volume Size:

S Drive: 500 GB

Description:

Active Archives and LR

State

Disk Type:

sc1 - adjustable

Volume Size:

E Drive: 2000 GB

Description:

Inactive Archives

(adjustable)

LR-DP7500 Series

Data Processor:

  • Max Processing Rate: 40,000

AWS: c6i.12xlarge

vCPU: 48 

Memory: 96GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 1200 GB

Volume Size:

S Drive: 1200 GB

Description:

Active Archives and LR

State

Disk Type:

sc1 - adjustable

Volume Size:

E Drive: 8000 GB

Description:

Inactive Archives

(adjustable)

AI Engine

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

LR-AIE7500 Series

AI Engine:

  • Max MPS: 75,000

  • Max Number of Rules: 2,000

AWS: c6i.12xlarge

vCPU: 48

Memory: 96GB

Windows 2019 or 2022 Standard Edition

Disk Type:

gp3 - 250 GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

gp3 - 500 GB

Volume Size:

D Drive: 500 GB

Description:

AIE State/Data

Data Indexer

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

Disk/Vol Config 4

LR-DX1500 Series

Data Indexer:

  • Pinned Indexing Rate: 1,000

AWS: r5.2xlarge

vCPU: 4

Memory: 64GB

AWS Marketplace Image:

Rocky Linux 9 (Official) - x86_64 by Rocky Linux

Disk Type:

gp3 - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

gp3 - 4400 GB

Throughput - default

IOPS - default

Volume Size:

/usr/local/logrhythm

4400 GB

Description:

Elasticsearch Data

not applicable

not applicable

LR-DX3500 Series

Data Indexer:

  • Pinned Indexing Rate: 5,000

  • Clustered Indexing Rate: 3000/node

AWS: m6i.4xlarge

vCPU: 16

Memory: 64GB

AWS Marketplace Image:

Rocky Linux 9 (Official) - x86_64 by Rocky Linux

Disk Type:

gp3 - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

gp3 - 8800 GB

Throughput - default

IOPS - default

Volume Size:

/usr/local/logrhythm

8800 GB

Description:

Elasticsearch Data

not applicable

not applicable

LR-DX5500 Series

Data Indexer:

  • Pinned Indexing Rate: 10,000

  • Clustered Indexing Rate: 6,000/node

AWS: m6i.8xlarge 

vCPU: 32

Memory: 128GB

AWS Marketplace Image:

Rocky Linux 9 (Official) - x86_64 by Rocky Linux

Disk Type:

gp3 - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

gp3 - 16000 GB

Throughput - 300MB/s

IOPS - 5000

Volume Size:

/usr/local/logrhythm

16000 GB

Description:

Elasticsearch Data

not applicable

not applicable

LR-DX7500 Series

Data Indexer:

  • Pinned Indexing Rate: 20,000

  • Clustered Indexing Rate: 12,000/node

AWS: m6i.16xlarge 

vCPU: 64

Memory: 256GB

AWS Marketplace Image:

Rocky Linux 9 (Official) - x86_64 by Rocky Linux

Disk Type:

gp3 - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

gp3 - 16000 GB

Throughput - 300MB/s

IOPS - 5000

Volume Size:

LVM - /usr/local/logrhythm

16000 GB

Description:

Elasticsearch Data

Disk Type:

gp3 - 16000 GB

Throughput - 300MB/s

IOPS - 5000

Volume Size:

LVM - /usr/local/logrhythm

16000 GB

Description:

Elasticsearch Data

not applicable

LR-DXW5120 Series
(dedicated warm tier)

Data Indexer:

  • Max Indexing Rate: 0

AWS: r5a.4xlarge 

vCPU: 16

Memory: 128GB

AWS Marketplace Image:

Rocky Linux 9 (Official) - x86_64 by Rocky Linux

Disk Type:

gp3 - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

st1 - 16000 GB

Volume Size:

LVM - /usr/local/logrhythm

16000 GB

Description:

Elasticsearch Data

Disk Type:

st1 - 16000 GB

Volume Size:

LVM - /usr/local/logrhythm

16000 GB

Description:

Elasticsearch Data

Additional disks based on TTL required

Google Cloud Platform Reference Architecture

Google Cloud instance sizes should be considered minimums. In some environments, higher performance instances may be required.

Data Collector

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

LR-DC3400

Sustained Collection Rate: 2,000-5,000

Burst Collection Rate: 10,000

Max Remote Windows Log Sources: 500

n2-standard-4

vCPU: 4

Memory: 16GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250 GB

Volume Size:

C Drive: 200 GB

Description:

Operating System

Disk Type:

pd-standard - 100 GB

Volume Size:

D Drive: 100 GB

Description:

LR State

XM

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

Disk/Vol Config 4

LR-XM4500 Series
(Combined PM/DP/DX/AIE/Web Server)

Data Processor:

  • Max Processing Rate: 2,000

AI Engine:

  • Max Processing Rate: 2,000

Data Indexer:

  • Indexing Rate: 2,000

Platform Manager:

  • Max LogMart Rate: 20

  • Max Events Rate: 20

Web Console:

  • Max Concurrent Users: 5

n2-highmem-16

vCPU: 16

Memory: 128GB 

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 800 GB

Volume Size:

D Drive: 500 GB

L Drive: 100 GB

S Drive: 150 GB

T Drive: 50 GB

Description:

SQL Databases/ES Data/SQL Logs/LR State/SQL Temp

Disk Type:

pd-balanced - 1500 GB

Volume Size:

E Drive: 1500 GB

Description:

Elasticsearch Data

not applicable

LR-XM6500 Series
(Combined PM/DP/DX/AIE/Web Server)

Data Processor:

  • Max Processing Rate: 5,000

AI Engine:

  • Max Processing Rate: 5,000

Data Indexer:

  • Max Indexing Rate: 5,000

Platform Manager:

  • Max LogMart Rate: 100

  • Max Events Rate: 100

Web Console:

  • Max Concurrent Users: 10

n2-custom

vCPU: 40

Memory: 196GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 3000 GB

Volume Size:

D Drive: 2750 GB

S Drive: 250 GB

T Drive: 50 GB

Description:

SQL Databases/State/SQL Temp

Disk Type:

pd-balanced - 9000 GB

Volume Size:

E Drive: 9000 GB

Description:

ElasticSearch Data

Disk Type:

pd-ballanced - 200 to 800 GB

Volume Size:

L Drive: 800 GB (if DR is used)

or

L Drive: 200 GB (if DR not used)

Description:

SQL Logs

LR-XM8500 Series
(Combined PM/DP/DX/AIE/Web Server)

Data Processor:

  • Max Processing Rate: 10,000

AI Engine:

  • Max Processing Rate: 10,000

Data Indexer:

  • Max Indexing Rate: 10,000

Platform Manager:

  • Max LogMart Rate: 200

  • Max Events Rate: 200

Web Console:

  • Max Concurrent Users: 15

n2-custom

vCPU: 48

Memory: 256GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 5000 GB

Volume Size:

D Drive: 4500 GB

S Drive: 450 GB

T Drive: 50 GB

Description:

SQL Databases/SQL Logs/SQL Temp

Disk Type:

pd-balanced - 16000 GB

Volume Size:

E Drive: 16000 GB

Description:

ElasticSearch Data

Disk Type:

pd-ballanced - 200 to 800 GB

Volume Size:

L Drive: 800 GB (if DR is used)

or

L Drive: 200 GB (if DR not used)

Description:

SQL Logs

Platform Manager

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-PMC-Small

Platform Manager only:

  • Max Events Rate: 20

  • Max LogMart Rate: 0-Disabled

Deployments under 5000mps

DR/HA not supported

n2-highmem-4

vCPU: 4

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 500 GB

Volume Size:

D Drive: 350 GB

L Drive: 50 GB

S Drive: 50 GB

T Drive 50 GB

Description:

SQL DB / SQL Logs / State / Temp

not applicable

LR-PMC-Large

Platform Manager only:

  • Max Events Rate: 100

  • Max LogMart Rate: 0-Disabled

Deployments between 5,000 to 10,000mps

DR/HA not supported

n2-standard-8

vCPU: 8

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 1000 GB

Volume Size:

D Drive: 750 GB

L Drive: 100 GB

S Drive: 100 GB

T Drive 50 GB

Description:

SQL DB / SQL Logs / State / Temp

not applicable

LR-PM5500 Series

Platform Manager:

  • Max LogMart Rate: 800

  • Max Events Rate: 400

AI Engine:

  • Max MPS Rate: 20,000

Web Console:

  • Max Concurrent Users: 15

n2-custom

vCPU: 20

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 2000 GB

Volume Size:

D Drive: 1600 GB

S Drive: 300 GB

T Drive: 100 GB

Description:

SQL DB / State / Temp

Disk Type:

pd-balanced - 200 to 800 GB

Volume Size:

L Drive: 800 GB (if DR is used)

or

L Drive: 400 GB (if DR not used)

Description:

SQL Logs

LR-PM7500 Series

Platform Manager:

  • Max LogMart Rate: 2,000

  • Max Events Rate: 1,000

AI Engine:

  • Max MPS Rate: 30,000

Web Console:

  • Max Concurrent Users: 35

n2-custom

vCPU: 48

Memory: 196GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 8200 GB

Volume Size:

D Drive: 7500 GB

S Drive: 500 GB

T Drive: 200 GB

Description:

SQL DB / State / Temp

Disk Type:

pd-balanced - 200 to 800 GB

Volume Size:

L Drive: 2000 GB (if DR is used)

or

L Drive: 500 GB (if DR not used)

Description:

SQL Logs

DPAWC

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-DPAWC3500

Data Processor:

  • Max Processing Rate: 1,000

AI Engine:

  • Max Processing Rate: 1,000

Web Console:

  • Max Concurrent Users: 5

n2-highmem-4

vCPU: 4

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 150 GB

Volume Size:

S Drive: 150 GB

Description:

State

Disk Type:

pd-standard - adjustable

Volume Size:

E Drive: 500 GB

Description:

Inactive Archives

(adjustable)

LR-DPAWC5500

Data Processor:

  • Max Processing Rate: 5,000

AI Engine:

  • Max Processing Rate: 5,000

Web Console:

  • Max Concurrent Users: 5

n2-highmem-8

vCPU: 8

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 250 GB

Volume Size:

S Drive: 250 GB

Description:

State

Disk Type:

pd-standard - adjustable

Volume Size:

E Drive: 1000 GB

Description:

Inactive Archives

(adjustable)

LR-DPAWC7500

Data Processor:

  • Max Processing Rate: 10,000

AI Engine:

  • Max Processing Rate: 10,000

Web Console:

  • Max Concurrent Users: 15

n2-standard-16

vCPU: 16

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 500 GB

Volume Size:

S Drive: 500 GB

Description:

State

Disk Type:

pd-standard - adjustable

Volume Size:

E Drive: 2000 GB

Description:

Inactive Archives

(adjustable)

Data Processor

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-DP5500 Series

Data Processor:

  • Max Processing Rate: 15,000

n2-custom

vCPU: 24

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 500 GB

Volume Size:

S Drive: 500 GB

Description:

Active Archives/LR

State

Disk Type:

pd-standard - adjustable

Volume Size:

E Drive: 2000 GB

Description:

Inactive Archives

(adjustable)

LR-DP7500 Series

Data Processor:

  • Max Processing Rate: 40,000

n2-custom

vCPU: 48

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 1000 GB

Volume Size:

S Drive: 1000 GB

Description:

Active Archives/LR

State

Disk Type:

pd-standard - adjustable

Volume Size:

E Drive: 8000 GB

Description:

Inactive Archives

(adjustable)

AI Engine

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

LR-AIE7500 Series

AI Engine:

Max MPS: 75,000

Max Number of Rules: 2,000

n2-custom

vCPU: 48

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

pd-standard - 250GB

Volume Size:

C Drive: 250 GB

Description:

Operating System

Disk Type:

pd-balanced - 500 GB

Volume Size:

S Drive: 500 GB

Description:

AIE State/Data

Data Indexer

GCP only allows for a max volume of 64TB per instance. You will need to add multiple instances to meet the DXW5120 hardware appliance.

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-DX1500 Series

Data Indexer:

  • Pinned Indexing Rate: 1,000

n2-highmem-8

vCPU: 8

Memory: 64GB

Image Family:

rocky-linux-9-optimized-gcp

Disk Type:

pd-standard - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

pd-balanced - 4400 GB

Volume Size:

/usr/local/logrhythm

4400 GB

Description:

Elasticsearch Data

not applicable

LR-DX3500 Series

Data Indexer:

  • Pinned Indexing Rate: 5,000

  • Clustered Indexing Rate: 3000/node

n2-standard-16

vCPU: 16

Memory: 64GB

Image Family:

rocky-linux-9-optimized-gcp

Disk Type:

pd-standard - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

pd-balanced - 8800 GB

Volume Size:

/usr/local/logrhythm

8800 GB

Description:

Elasticsearch Data

not applicable

LR-DX5500 Series

Data Indexer:

  • Pinned Indexing Rate: 10,000

  • Clustered Indexing Rate: 6,000/node

n2-standard-32

vCPU: 32

Memory:128GB

Image Family:

rocky-linux-9-optimized-gcp

Disk Type:

pd-standard - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

pd-balanced - 16000 GB

Volume Size:

/usr/local/logrhythm

16000 GB

Description:

Elasticsearch Data

not applicable

LR-DX7500 Series

Data Indexer:

  • Pinned Indexing Rate: 20,000

  • Clustered Indexing Rate: 12,000/node

n2-standard-64

vCPU: 64

Memory: 256GB

Image Family:

rocky-linux-9-optimized-gcp

Disk Type:

pd-standard - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

Disk Type:

pd-balanced - 32000 GB

Volume Size:

/usr/local/logrhythm

32000 GB

Description:

Elasticsearch Data

not applicable

LR-DXW5120
(dedicated warm tier)

Data Indexer:

  • Max Indexing Rate: 0

n2-highmem-16

vCPU: 16

Memory: 128GB

Image Family:

rocky-linux-9-optimized-gcp

Disk Type:

pd-standard - 250 GB

Volume Size:

/

250 GB

Description:

Operating System

*Disk Type:

pd-standard - 64000 GB

Volume Size:

/usr/local/logrhythm

64000 GB

Description:

Elasticsearch Data

Additional disks based on TTL required

Azure Platform Reference Architecture

Microsoft Azure instance sizes should be considered minimums. In some environments, higher performance instances may be required.

For all platforms, use only read host cache on data disks, such as SQL data or Elasticsearch data.

Data Collector

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

LR-DC3400

Sustained Collection Rate: 2,000-5,000

Burst Collection Rate: 10,000

Max Remote Windows Log Sources: 500

D4 v5

vCPU: 4

Memory: 16GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256 GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

S10 - 128 GB

Volume Size:

D Drive: 128 GB

Description:

State

XM

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

Disk/Vol Config 4

LR-XM4500 Series
(combined PM/DP/DX/AIE/Web server)

Data Processor:

  • Max Processing Rate: 2,000

AI Engine:

  • Max Processing Rate: 2,000

Data Indexer:

  • Indexing Rate: 2,000

Platform Manager:

  • Max LogMart Rate: 20

  • Max Events Rate: 20

Web Console:

  • Max Concurrent Users: 5

E16 v5

vCPU: 16

Memory: 128GB 

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256 GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

E30 - 1024 GB

Volume Size:

D Drive: 775 GB

L Drive: 100 GB

S Drive: 100 GB

T Drive: 50 GB

Description:

SQL Data/SQL Logs/LR State/SQL Temp

Disk Type:

E40 - 2048 GB

Volume Size:

E Drive: 2048 GB

Description:

Elasticsearch Data

not applicable

LR-XM6500 Series
(combined PM/DP/DX/AIE/Web server)

Data Processor:

  • Max Processing Rate: 5,000

AI Engine:

  • Max Processing Rate: 5,000

Data Indexer:

  • Max Indexing Rate: 5,000

Platform Manager:

  • Max LogMart Rate: 100

  • Max Events Rate: 100

Web Console:

  • Max Concurrent Users: 10

D48 v5

vCPU: 48

Memory: 192GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

E40 - 2048 GB

Volume Size:

D Drive: 1748 GB

S Drive: 250 GB

T Drive: 50 GB

Description:

SQL Data/SQL Logs/LR State/SQL Temp

Disk Type:

E60 - 8192 GB

Volume Size:

E Drive: 8192 GB

Description:

Elasticsearch Data

Disk Type:

P15 or P20 - 256 or 512 GB

Volume Size:

L Drive: 256 GB (if DR is used)

or

L Drive: 512 GB (if DR not used)

Description:

SQL Logs

LR-XM8500 Series
(combined PM/DP/DX/AIE/Web server)

Data Processor:

  • Max Processing Rate: 10,000

AI Engine:

  • Max Processing Rate: 10,000

Data Indexer:

  • Max Indexing Rate: 10,000

Platform Manager:

  • Max LogMart Rate: 200

  • Max Events Rate: 200

Web Console:

  • Max Concurrent Users: 15

D64 v5

vCPU: 64

Memory: 256GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

E50 - 4096 GB

Volume Size:

D Drive: 3645 GB

L Drive: 150 GB

S Drive: 250 GB

T Drive: 50 GB

Description:

SQL Data/SQL Logs/LR State/SQL Temp

Disk Type:

E70 - 16384

Volume Size:

E Drive: 16384 GB

Description:

Elasticsearch Data

Disk Type:

P15 or P20 - 256 or 512 GB

Volume Size:

L Drive: 512 GB (if DR is used)

or

L Drive: 256 GB (if DR not used)

Description:

SQL Logs

Platform Manager

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-PMC-Small

Platform Manager only:

  • Max Events Rate: 20

  • Max LogMart Rate: 0-Disabled

Deployments under 5000mps

DR/HA not supported

E4 v5

vCPU: 4

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P20 - 512 GB

Volume Size:

D Drive: 350 GB

L Drive: 50 GB

S Drive: 50 GB

T Drive: 50 GB

Description:

SQL Data / SQL Logs / LR State / SQL Temp

not applicable

LR-PMC-Large

Platform Manager only:

  • Max Events Rate: 100

  • Max LogMart Rate: 0-Disabled

Deployments between 5,000 to 10,000mps

DR/HA not supported

D8 v5

vCPU: 8

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P30 - 1024 GB

Volume Size:

D Drive: 750 GB

L Drive: 100 GB

S Drive: 100 GB

T Drive: 50 GB

Description:

SQL Data / SQL Logs / LR State / SQL Temp

not applicable

LR-PM5500 Series

Platform Manager:

  • Max LogMart Rate: 800

  • Max Events Rate: 400

AI Engine:

  • Max MPS Rate: 20,000

Web Console:

  • Max Concurrent Users: 15

E16 v5

vCPU: 16

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P40 - 2048 GB

Volume Size:

D Drive: 1848 GB

S Drive: 100 GB

T Drive: 100 GB

Description:

SQL Data / LR State / SQL Temp

Disk Type:

P15 or P20 - 256 or 512 GB

Volume Size:

L Drive: 512 GB (if DR is used)

or

L Drive: 256 GB (if DR not used)

Description:

SQL Logs

LR-PM7500 Series

Platform Manager:

  • Max LogMart Rate: 2,000

  • Max Events Rate: 1,000

AI Engine:

  • Max MPS Rate: 30,000

Web Console:

  • Max Concurrent Users: 35

D32 v5

vCPU: 32

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P50 - 4096 GB

Volume Size:

D Drive: 3896 GB

S Drive: 100 GB

T Drive: 100 GB

Description:

SQL Data / LR State / SQL Temp

Disk Type:

P20 or P30 - 512 or 1048 GB

Volume Size:

L Drive: 1048 GB (if DR is used)

or

L Drive: 512 GB (if DR not used)

Description:

SQL Logs

DPAWC

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-DPAWC3500

Data Processor:

  • Max Processing Rate: 1,000

AI Engine:

  • Max Processing Rate: 1,000

Web Console:

  • Max Concurrent Users: 5

E4 v5

vCPU: 4

Memory: 32GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P10 - 128 GB

Volume Size:

S Drive: 128 GB

Description:

State

Disk Type & Volume Size1

Description:

Inactive Archives

LR-DPAWC5500

Data Processor:

  • Max Processing Rate: 5,000

AI Engine:

  • Max Processing Rate: 5,000

Web Console:

  • Max Concurrent Users: 5

E8 v5

vCPU: 4

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P15 - 256 GB

Volume Size:

S Drive: 256 GB

Description:

State

Disk Type & Volume Size1

Description:

Inactive Archives

LR-DPAWC7500

Data Processor:

  • Max Processing Rate: 10,000

AI Engine:

  • Max Processing Rate: 10,000

Web Console:

  • Max Concurrent Users: 15

D16 v5

vCPU: 16

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P20 - 512 GB

Volume Size:

S Drive: 512 GB

Description:

State

Disk Type & Volume Size1

Description:

Inactive Archives

Data Processor

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

LR-DP5500 Series

Max Processing Rate: 15,000

F32s v2

vCPU: 32

Memory: 64GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P20 - 512 GB

Volume Size:

S Drive: 512 GB

Description:

State

Disk Type & Volume Size1

Description:

Inactive Archives

LR-DP7500 Series

Max Processing Rate: 40,000

F64s v2

vCPU: 64

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P30 - 1024

Volume Size:

S Drive: 1024 GB

Description:

State

Disk Type & Volume Size1

Description:

Inactive Archives

AI Engine

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

LR-AIE7500 Series

Max MPS: 75,000

Max Number of Rules: 2,000

F64s v2

vCPU: 64

Memory: 128GB

Windows 2019 or 2022 Standard Edition

Disk Type:

S15 - 256GB

Volume Size:

C Drive: 256 GB

Description:

Operating System

Disk Type:

P20 - 512 GB

Volume Size:

S Drive: 512 GB

Description:

State

Data Indexer

The DX warm storage values do not match to appliances and can be adjusted based on customer need, with a limit of 120TB total on DXW5120.

Reference Platform

Performance (MPS)

Instance Type

Operating System

Disk/Vol Config 1

Disk/Vol Config 2

Disk/Vol Config 3

Disk/Vol Config 4

Disk/Vol Config 5

LR-DX1500 Series

Data Indexer:

  • Pinned Indexing Rate: 1,000

E8 v5

vCPU: 8

Memory: 64GB

The Rocky Enterprise Software Foundation Inc: Rocky Linux 9

Disk Type :

S15 - 256GB

Volume Size:

/

256 GB

Description:

Operating System

Disk Type:

E50 - 4096GB

Volume Size:

/usr/local/logrhythm

4096 GB

Description:

Elasticsearch Data

not applicable

not applicable

not applicable

LR-DX3500 Series

Data Indexer:

  • Pinned Indexing Rate: 5,000

  • Clustered Indexing Rate: 3000/node

D16 v5

vCPU: 16

Memory: 64GB

The Rocky Enterprise Software Foundation Inc: Rocky Linux 9

Disk Type :

S15 - 256GB

Volume Size:

/

256 GB

Description:

Operating System

Disk Type:

E60 - 8192GB

Volume Size:

/usr/local/logrhythm

8192 GB

Description:

Elasticsearch Data

not applicable

not applicable

not applicable

LR-DX5500 Series

Data Indexer:

  • Pinned Indexing Rate: 10,000

  • Clustered Indexing Rate: 6,000/node

D32 v5

vCPU: 32

Memory: 128GB

The Rocky Enterprise Software Foundation Inc: Rocky Linux 9

Disk Type :

S15

Volume Size:

/

256 GB

Description:

Operating System

Disk Type:

E70 - 16384GB

Volume Size:

/usr/local/logrhythm

16,384 GB

Description:

Elasticsearch Data

not applicable

not applicable

not applicable

LR-DX7500 Series

Data Indexer:

  • Pinned Indexing Rate: 20,000

  • Clustered Indexing Rate: 12,000/node

D64 v5

vCPU: 64

Memory: 256GB

  

The Rocky Enterprise Software Foundation Inc: Rocky Linux 9

Disk Type :

S15

Volume Size:

/

256 GB

Description:

Operating System

Disk Type:

E70 - 16384GB

Volume Size:

/usr/local/logrhythm

Description:

Elasticsearch Data

Disk Type:

E70 - 16384GB

Volume Size:

/usr/local/logrhythm

Description:

Elasticsearch Data

not applicable

not applicable

LR-DXW5120 Series
(dedicated warm tier)

Data Indexer:

  • Max Indexing Rate: 0

E16 v5

vCPU: 16

Memory: 128GB

The Rocky Enterprise Software Foundation Inc: Rocky Linux 9

Disk Type :

S15

Volume Size:

/

256 GB

Description:

Operating System

Disk Type:

S80 - 32,767GB

Volume Size:

/usr/local/logrhythm

Description:

Elasticsearch Data

Disk Type:

S80 - 32,767GB

Volume Size:

/usr/local/logrhythm

Description:

Elasticsearch Data

Disk Type:

S80 - 32,767GB

Volume Size:

/usr/local/logrhythm

Description:

Elasticsearch Data

Additional disks based on TTL required

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close