Below is the query used for creating timestamp chart for waf traffic
namespace = "onb-aws-waf"
metadata.event_type != "STATUS_UPDATE"
metadata.event_type = $event_type
security_result.action = $security_result
match:
$security_result, $event_type by hour
outcome:
$Count = count(metadata.id)
$Date = timestamp.get_timestamp(max(metadata.event_timestamp.seconds), "%b %d %H")
Order:
$Date
How one can get the total traffic in New Dashboard such that I get to plot Blocked and Total Traffic on one graph.
we do not want to map ALLOW instead Block and Total
