RockNSM disk allocation suggestions for 16 TB drive


Hello, everyone!

We are configuring our Rock NSM and would like to get some feedback on how to slice up our 16 TB of hard drive space. I planned on giving most of it (~ 14TB) to Stenographer and it takes up about a TB of storage a day. How much should I leave for Bro, Suricata, Kafka, etc.? Do they level out? Would one TB be enough? I’ve been watching the folders in /data and they keep growing.

Kafka is at 157 GB and growing…
Bro is hovering around 9 GBs
Suricata is at 118 GB and growing…
Elasticsearch is at 46GB and growing…

Hardware: Dell Poweredge R410 Dual Xeon 2,53 GHz 6-core processors, 128GB RAM, 24TB in Raid 5 (16TB usable)