Skip to main content

To investigate the log ingestion volume by feed ID, I created the following dashboard query:
----------
ingestion.log_type = "CISCO_MERAKI"
$Feed_id = ingestion.feed_id
$Date = timestamp.get_date(ingestion.end_time)

match:
    $Feed_id

outcome:
    $Volume = math.round(sum(ingestion.log_volume) / (1000), 2)

order:
    $Volume desc
----------

However, in addition to the feed IDs, there is a graph entry labeled as "empty."
I would like to understand the reason why this "empty" entry is appearing.
I will attach a screenshot of the graph.

 

It looks like perhaps some of the CISCO_MERAKI logs ingested are missing a value for the ingestion.feed_id field.   You could try adding a condition ingestion.feed_id != "" to filter out any empties to see if that is what is happening.

Thank you for your reply.
 

When I added ingestion.feed_id != "", the logs from stopped appearing, so I realized that there was no value in this field.
 

However, I don't understand why there are logs where the ingestion.feed_id field is empty even though the ingestion is being done in the same way.

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.