Have you tried adding ingestion labels to the feeds that do not have namespace value filled and use the ingestion labels instead ?
Also what is the forwarder config that is associated with feeds without namespace ?
There is another but more tedious alternative to use parser extensions to fill in the regions in a custom manner as long as you have the network ranges in your environment mapped to countries.

You could create a custom field for the region that is set based on the namespace and then add that custom field to the dashboard.

@AbdElHafez / @cmorris :i managed to use custom expression and finally build it only to see that ingestion metrics (total_size_bytes_gb)via namespace and ingestion metrics (total_size_bytes_gb)via log type are giving 2 seperate results. 

Adding ingestion label means modifying the config, since most of these config are implemented and in production, make any change is lengthy process of creating change requests, so not feasible currently.and creating  custom field  as mentioned is tedious. Since its big environment complete network info is not available.