Dasboard with daily GB used by servers

Question

Hi,

My goal is to create a dashboard, preferably with the new dashboards not with the old feature,

So far I get GB totals with this query

$Log_Type = ingestion.log_type
$Log_Count = ingestion.log_count


match:
$Log_Type
outcome:

$Total_Size_GB = math.round(sum(ingestion.log_volume) / (1024 * 1024 * 1024), 1)
order:
$Total_Size_GB desc

And I’m able to retrieve the number of logs that each server generate with this query:

$Log_Type = $e.metadata.log_type
$Host = $e.intermediary.hostname
$Date = timestamp.get_date($e.metadata.event_timestamp.seconds)
match:
    $Date, $Log_Type,$Host
outcome:
    $Event_Count = count($e.metadata.event_type)
order:
    $Date desc

But have no luck getting the number of GB each server generates in a daily fashion.

¿can someone hepl me with this task?

ar3diu · Answer

I don’t see a way to do that by looking at the ingestion schema. Maybe you could use ingestion.collector_id and correlate that information with SIEM feeds; however, for Bindplane agents, the best way would probably be to use either Cloud Monitoring or simply rely on the log count rather than GB ingested.

https://docs.cloud.google.com/chronicle/docs/reference/ingestion-metrics-schema#ingestion_api_schema

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded