
Hi Team,

We’re currently using the Ingestion Metrics dashboard in Google SecOps, which provides visibility into log ingestion volume at the log source level. However, we're looking to break this down further and view ingestion metrics per individual Windows server that is sending logs.

Is there a way to:

  • Get ingestion metrics grouped by host/server (e.g., hostname or asset_id)?

  • Possibly use a query in Log Exploration to achieve this granularity.

Any guidance or sample queries would be greatly appreciated.

Thanks in advance!

Best Regards,

Manoj Gowda J

@manoj610 Assuming you’re using the new native dashboard, the schema is below:

https://cloud.google.com/chronicle/docs/reference/ingestion-metrics-schema

There are no metrics columns for host/server, but you can optionally add the namespace or ingestion_source to the ingestion, so it will be added as columns. Then you can use ingestion_source or namespace to do the monitoring.

A related document → https://cloud.google.com/chronicle/docs/ingestion/silent-host-monitoring


@hzmndt, Thanks for the update. I will try adding the Namespace for each server.

