Simple QXL Query help needed

PA_nts — Tue, 16 Jul 2024 08:30:55 GMT

Hi All,

withing query builder i have a very basic query as per below..

dataset = metrics_source
| fields _vendor , _product , total_size_bytes

which shows me the data sources and the amount of ingested data per source which is fine over a period specified in (24hr/days etc)..

what i am trying to achieve is for a period of 24 hours, for it to show how much data being ingested on an hourly basis per device

any idea how to?

thanks in adv

Re: Simple QXL Query help needed

afurze — Tue, 16 Jul 2024 13:50:16 GMT

Hi PA_nts,

You need to use the bin stage for this.

dataset = metrics_source
| fields _vendor , _product , total_size_bytes
| bin _time span = 1h
| comp sum(total_size_bytes) as total_size_bytes by _time, _product

topic Simple QXL Query help needed in Cortex XSIAM Discussions

Simple QXL Query help needed

Re: Simple QXL Query help needed