https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/widget-library-xql-query/m-p/592803#M60 <P>Hi PA_nts,</P> <P>&nbsp;</P> <P>First, since this is not your first time posting here, I strongly encourage you to reach out to your Customer Success team for an introduction as they can more quickly handle your questions than posting here.</P> <P>&nbsp;</P> <P>That being said, the queries for OOTB widgets are not exposed (and often do not use XQL but rather query the backend BigQuery database directly).&nbsp; You can query the metrics_source dataset which contains all the ingest volumes in 5-minute increments per datasource.</P> <P>&nbsp;</P> <P>As an example, this query will show you your ingest from Prisma Cloud in one hour increments for the past week:</P> <P>&nbsp;</P> <LI-CODE lang="markup">config timeframe = 7d | dataset = metrics_source | filter _collector_type = "Prisma Cloud" | bin _time span = 1h | comp sum(total_size_bytes) as total_size_bytes by _time</LI-CODE> Tue, 23 Jul 2024 14:59:39 GMT afurze 2024-07-23T14:59:39Z https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/widget-library-xql-query/m-p/592721#M59 <P>Hi All,</P> <P>So in the xsiam portal under 'Dashboard and reports' there is a pre-defined list of Widgets in the library..</P> <P>Within the 'system monitoring' library there is a widget called 'daily consumption' which is great to identify data sources ingestion per day/week/month etc..</P> <P>&nbsp;</P> <P>Question - anyone know how I can retrieve the actual xql query for thiswidget as I would like to create a custom widget but with alterations on this specific query.</P> <P>&nbsp;</P> <P>thanks in adv</P> <P>&nbsp;</P> Tue, 23 Jul 2024 07:45:50 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/widget-library-xql-query/m-p/592721#M59 PA_nts 2024-07-23T07:45:50Z https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/widget-library-xql-query/m-p/592803#M60 <P>Hi PA_nts,</P> <P>&nbsp;</P> <P>First, since this is not your first time posting here, I strongly encourage you to reach out to your Customer Success team for an introduction as they can more quickly handle your questions than posting here.</P> <P>&nbsp;</P> <P>That being said, the queries for OOTB widgets are not exposed (and often do not use XQL but rather query the backend BigQuery database directly).&nbsp; You can query the metrics_source dataset which contains all the ingest volumes in 5-minute increments per datasource.</P> <P>&nbsp;</P> <P>As an example, this query will show you your ingest from Prisma Cloud in one hour increments for the past week:</P> <P>&nbsp;</P> <LI-CODE lang="markup">config timeframe = 7d | dataset = metrics_source | filter _collector_type = "Prisma Cloud" | bin _time span = 1h | comp sum(total_size_bytes) as total_size_bytes by _time</LI-CODE> Tue, 23 Jul 2024 14:59:39 GMT https://live.paloaltonetworks.com/t5/cortex-xsiam-discussions/widget-library-xql-query/m-p/592803#M60 afurze 2024-07-23T14:59:39Z