Question

SecOps Data Ingestion Usage

  • December 12, 2025
  • 2 replies
  • 91 views

Avish_garg

Hello,

We are looking for a way to get the total volume of logs and data being ingested in SecOps, which has feeds set up with multiple tools like AWS, GitLab, Azure, etc.

Is there a way to get the ingestion matrix and also the billing associated with the ingestion?

 

Thanks 

2 replies

Eoved
  • Bronze 2
  • December 15, 2025

Hi,
One way I know is to create dashboards with the ingested volume. You can start with the following query as a baseline:

ingestion.component = "Ingestion API"
ingestion.log_type != ""
ingestion.log_type != "FORWARDER_HEARTBEAT"
$log_type = ingestion.log_type
match:
  $log_type
outcome:
  $throughput = math.round(sum(ingestion.log_volume) / (1000 * 1000 * 1000), 1)
order:
  $throughput desc

 


  • Bronze 2
  • December 22, 2025

Hi Avish,

It can be presented in a table format for the following dashboards, with event count added in addition to volume.

 

ingestion.component = "Ingestion API"
ingestion.log_type = $logType
match:
  $logType
outcome:
  $total_gb = math.round(sum(ingestion.log_volume) / math.pow(1000, 3), 4)
  $logCount = sum(ingestion.log_count)
order:
  $total_gb desc