+3The following query aggregates the log intake volume for each Feed ID on the dashboard.
ingestion.log_type = "CISCO_MERAKI"
$Feed_id = ingestion.feed_id
$Date = timestamp.get_date(ingestion.end_time)
match:
$Feed_id
outcome:
$Volume = math.round(sum(ingestion.log_volume) / (1000), 2)
order:
$Volume desc
The graph shows the Feed ID, but is it possible to change this to an arbitrary name?
If possible, I would like to know how to do this.
Best answer by jstoner
You could do something like this with a set of nested if/then statements (conditional logic)...Down the road a data table may be another way to do it, but for now this will work.
ingestion.log_type = "CISCO_MERAKI"
$Feed_id = if(ingestion.feed_id = "feeds/hvncz2222", "Cisco - Internal", if(ingestion.feed_id = "feeds/y4ve11111", "Cisco - DMZ", if(ingestion.feed_id = "feeds/4ru5q4444", "Cisco - External", "Cisco - Something Else")))
//$Feed_id = ingestion.feed_id
$Date = timestamp.get_date(ingestion.end_time)
match:
$Feed_id
outcome:
$Volume = math.round(sum(ingestion.log_volume) / (1000), 2)
order:
$Volume desc
+22You could do something like this with a set of nested if/then statements (conditional logic)...Down the road a data table may be another way to do it, but for now this will work.
ingestion.log_type = "CISCO_MERAKI"
$Feed_id = if(ingestion.feed_id = "feeds/hvncz2222", "Cisco - Internal", if(ingestion.feed_id = "feeds/y4ve11111", "Cisco - DMZ", if(ingestion.feed_id = "feeds/4ru5q4444", "Cisco - External", "Cisco - Something Else")))
//$Feed_id = ingestion.feed_id
$Date = timestamp.get_date(ingestion.end_time)
match:
$Feed_id
outcome:
$Volume = math.round(sum(ingestion.log_volume) / (1000), 2)
order:
$Volume desc
+3Thank you for your reply.
I was able to achieve what I wanted using the query you taught me!
Thank you for your cooperation!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.