Question

Dashboards - Tracking changes month over month

  • October 24, 2025
  • 2 replies
  • 53 views

smit8

How can I track month over month stats in my dashboard? Would a multi stage query work for this?

 

For example, how would I take the curated dashboard query:

$event.ingestion.component = "Ingestion API"

$Log_Type = $event.ingestion.log_type
$Log_Type != ""
match:
    $Log_Type
outcome:
    $Count = sum($event.ingestion.log_volume)
order:
    $Count desc
limit:
    50

 

and modify it to return stats for each log type - one that looks at the current 30 days and one at the 30 days before that - and calcs the difference?

2 replies

smit8
  • Author
  • Bronze 1
  • October 27, 2025

Trying for detections as well. I have something like this:

 

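// Stage: detections per rule, bucketed into 7-day windows
stage stat {
    $rn = detection.detection.rule_name
    match:
        $rn by 7d
    outcome:
        $count = count(detection.id)
}

// Outer query: stage outputs are referenced by the stage name ($stat.*)
$detect = $stat.rn
$bucket = strings.concat(timestamp.get_timestamp($stat.window_start), "|", $stat.count)
match:
    $detect
outcome:
    // One "window_start|count" string per window, plus the number of windows seen
    $list = array_distinct($bucket)
    $count = count_distinct($stat.window_start)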

 

That gets me the rule and count of detections over each period, plus an overall count, but I don’t see a great way to graph the data or calculate percentages from here.
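
Added example, not part of the original post: one way to turn the per-rule `window_start|count` strings in `$list` into period-over-period deltas and percentages after exporting the results. The function names, the sample rows and the timestamp format are assumptions; a rule with no detections in a window has no bucket for it, so missing windows are counted as 0.

```python
from datetime import datetime, timedelta

# Assumed output format of timestamp.get_timestamp(); adjust to match the export.
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows: rule name -> values of $list ("window_start|count").
SAMPLE = {
    "rule_a": ["2025-10-13 00:00:00|30", "2025-10-20 00:00:00|45"],
    "rule_b": ["2025-10-20 00:00:00|12"],           # new rule, no previous window
    "rule_c": ["2025-10-20 00:00:00|5", "2025-10-06 00:00:00|9",
               "2025-10-13 00:00:00|10"],           # buckets arrive unordered
    "rule_d": ["2025-10-13 00:00:00|8"],            # went quiet in the latest window
}


def parse_buckets(buckets):
    """Parse 'timestamp|count' strings into a sorted list of (datetime, int)."""
    parsed = []
    for item in buckets:
        ts, sep, count = item.rpartition("|")
        if not sep:
            raise ValueError(f"bucket without '|' separator: {item!r}")
        parsed.append((datetime.strptime(ts.strip(), TS_FORMAT), int(count)))
    return sorted(parsed)


def compare_periods(rows, window=timedelta(days=7)):
    """Compare each rule's latest window with the window immediately before it."""
    series = {rule: dict(parse_buckets(b)) for rule, b in rows.items()}
    # Use the newest window seen across all rules so every rule is compared
    # over the same two periods, even if it has no bucket in one of them.
    latest = max(ts for buckets in series.values() for ts in buckets)
    report = {}
    for rule, buckets in series.items():
        current = buckets.get(latest, 0)
        previous = buckets.get(latest - window, 0)
        # Percentage change is undefined when the previous window was empty.
        pct = round((current - previous) / previous * 100, 1) if previous else None
        report[rule] = {"current": current, "previous": previous,
                        "delta": current - previous, "pct_change": pct}
    return report


if __name__ == "__main__":
    for rule, stats in sorted(compare_periods(SAMPLE).items()):
        print(rule, stats)
```

For a month-over-month view, pass `window=timedelta(days=30)` and feed it buckets produced with a matching window size.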


smit8
  • Author
  • Bronze 1
  • October 29, 2025

Looks like multi-stage will not work, as it is capped at 30 days and match is smaller too.