This is the problem with benchmarking Security Information Event Management (SIEM) sys- tems, which collect security events from one to thousands of devices, each with its own differ- ent log data format. If we take every conceivable environment into consideration, it is impossi- ble to benchmark SIEM systems. We can, however, set one baseline environment against which to benchmark and then include equations so that organizations can extrapolate their own benchmark requirements. That is the approach of this paper