Hi Team,
We’re currently using the Ingestion Metrics dashboard in Google SecOps, which provides visibility into log ingestion volume at the log source level. However, we're looking to break this down further and view ingestion metrics per individual Windows server that is sending logs.
Is there a way to:
-
Get ingestion metrics grouped by host/server (e.g., hostname or asset_id)?
-
Possibly use a query in Log Exploration to achieve this granularity.
Any guidance or sample queries would be greatly appreciated.
Thanks in advance!
Best Regards,
Manoj Gowda J