07-23-2024 12:45 AM
Hi All,
So in the xsiam portal under 'Dashboard and reports' there is a pre-defined list of Widgets in the library..
Within the 'system monitoring' library there is a widget called 'daily consumption' which is great to identify data sources ingestion per day/week/month etc..
Question - anyone know how I can retrieve the actual xql query for thiswidget as I would like to create a custom widget but with alterations on this specific query.
thanks in adv
07-23-2024 07:59 AM
Hi PA_nts,
First, since this is not your first time posting here, I strongly encourage you to reach out to your Customer Success team for an introduction as they can more quickly handle your questions than posting here.
That being said, the queries for OOTB widgets are not exposed (and often do not use XQL but rather query the backend BigQuery database directly). You can query the metrics_source dataset which contains all the ingest volumes in 5-minute increments per datasource.
As an example, this query will show you your ingest from Prisma Cloud in one hour increments for the past week:
config timeframe = 7d
| dataset = metrics_source
| filter _collector_type = "Prisma Cloud"
| bin _time span = 1h
| comp sum(total_size_bytes) as total_size_bytes by _time
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
