
How to Get Log Ingestion Metrics Per Server for Windows Log Source in native dashboard?

  • July 24, 2025
  • 2 replies
  • 84 views

manoj610

Hi Team,

We’re currently using the Ingestion Metrics dashboard in Google SecOps, which provides visibility into log ingestion volume at the log source level. However, we're looking to break this down further and view ingestion metrics per individual Windows server that is sending logs.

Is there a way to:

  • Get ingestion metrics grouped by host/server (e.g., hostname or asset_id)?

  • Possibly use a query in Log Exploration to achieve this granularity.

Any guidance or sample queries would be greatly appreciated.

Thanks in advance!

Best Regards,

Manoj Gowda J

2 replies

hzmndt
  • Staff
  • July 30, 2025

@manoj610, assuming you’re using the new native dashboard, below is the schema:

https://cloud.google.com/chronicle/docs/reference/ingestion-metrics-schema

There are no metrics columns for host/server, but you can optionally add the namespace or ingestion_source to the ingestion, so it will be added as columns. Then you can use ingestion_source or namespace to do the monitoring.

A related document: https://cloud.google.com/chronicle/docs/ingestion/silent-host-monitoring


manoj610
  • Author
  • New Member
  • August 1, 2025

@hzmndt, thanks for the update. I will try adding the namespace for each server.