+7Hey, is there a way to know what is the current log consumption per project? This post shows per type [1] but Im not really sure how to filter more to know the log consumption per project. Thank you!
[1] https://medium.com/@thatsiemguy/creating-an-asset-dashboard-in-chronicle-siem-3d6642e7edbb
+7@keso What do you mean "per project"? Are you talking about GCP Project or something else?
Yes, per GCP project.
+8Do you currently have a way to make a distinction between which log types are coming from which GCP project? Meaning, are the logs being labeled or are there already fields within each event that tells you which GCP project that event came from?
+7Do you currently have a way to make a distinction between which log types are coming from which GCP project? Meaning, are the logs being labeled or are there already fields within each event that tells you which GCP project that event came from?
Yes, there is. There are several labels in the UDM Event that contain the information of the project where it came from. To mention a few:
target.cloud.project.name
+7Do you currently have a way to make a distinction between which log types are coming from which GCP project? Meaning, are the logs being labeled or are there already fields within each event that tells you which GCP project that event came from?
I'm close, Im able to get the UDM count per project but not the "Total Size Bytes" per GCP project.
When editing a Title in the dashboards:
In "Ingestion Metrics" it is not possible to filter by project but it has the "Total Size Bytes" Metric.
In "UDM" it is possible to use any of the variables from before (such as target.cloud.project.name) but it does not have the "Total Size Bytes" Metric. A lot of metric (such as count) but not the "Total Size Bytes GiB"
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
