Skip to main content

Dashboard creation

  • November 14, 2024
  • 3 replies
  • 26 views
rahul7514
Forum|alt.badge.img+10

Hi

I am trying to build a dashboard panel that contains log ingestion by country over last 30 days . In order to build this  only field that contains region info is the name space the challenge is 
some of the name space has region mentioned and some does not .can i still go ahead and build this dashboard ?

Asset NamespaceRegion
WatchGuard_Firewall_LogsIND
FortiGate_Firewall_LogsAUS
SonicWall_Firewall_LogsUSA
Cradlepoint_NetCloud_LogsUSA
ZeroFox_Global_ LogsGlobal
CiscoASA_Firewall_Logs_UKUK
FortiGate_Firewall_Logs_UKUK
CiscoASA_Firewall_Logs_UKUK
FortiGate_Firewall_Logs_UKUK
Cisco_Meraki_SD_WAN_Logs_HKHK
O365_Audit_AzureActiveDirectory_UKUK
O365_Audit_Exchange_UKUK
O365_Audit_SharePoint_UKUK
O365_Audit_General_UKUK
O365_DLP_All_UKUK

3 replies

AbdElHafez
Staff
Forum|alt.badge.img+12
  • AbdElHafez
  • Staff
  • November 15, 2024

Have you tried adding ingestion labels to the feeds that do not have namespace value filled and use the ingestion labels instead ?
Also what is the forwarder config that is associated with feeds without namespace ?
There is another but more tedious alternative to use parser extensions to fill in the regions in a custom manner as long as you have the network ranges in your environment mapped to countries.

cmorris
Staff
Forum|alt.badge.img+10
  • cmorris
  • Staff
  • November 15, 2024

You could create a custom field for the region that is set based on the namespace and then add that custom field to the dashboard.

rahul7514
Forum|alt.badge.img+10
  • rahul7514Bronze 2
  • Author
  • Bronze 2
  • November 17, 2024

Have you tried adding ingestion labels to the feeds that do not have namespace value filled and use the ingestion labels instead ?
Also what is the forwarder config that is associated with feeds without namespace ?
There is another but more tedious alternative to use parser extensions to fill in the regions in a custom manner as long as you have the network ranges in your environment mapped to countries.


@AbdElHafez / @cmorris :i managed to use custom expression and finally build it only to see that ingestion metrics (total_size_bytes_gb)via namespace and ingestion metrics (total_size_bytes_gb)via log type are giving 2 seperate results. 

Adding ingestion label means modifying the config, since most of these config are implemented and in production, make any change is lengthy process of creating change requests, so not feasible currently.and creating  custom field  as mentioned is tedious. Since its big environment complete network info is not available. 

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.