Can I view the volume of log data ingested into Panther (over a time period)?

Last updated
Save as PDF

QUESTION

How can I check how much data has been ingested by Panther over a specific time span?

ANSWER

To do this, you can leverage our metrics API endpoint. This endpoint conveys information about alerts, ingestion, and detections. The following examples demonstrate getting data about log ingestion via our API.

Kindly note that totalBytesProcessed and totalBytesIngested are essentially the same metric. However, for the ingested one, instead of returning the bytes during the user's input time frame, we return how many bytes per log type have been ingested in the past year. The field totalBytesProcessed is based on the time frame that has been provided by the user.

Example 1: Total Amount Ingested

query getIngest {
  metrics(input: {
    fromDate: "2023-11-01T00:00:00Z",
    toDate: "2023-11-30T23:59:59Z"
  }) {
    totalBytesProcessed
  }
}

Example 2: Ingestion Breakdown by Log Type

query getIngest {
  metrics(input: {
    fromDate: "2023-11-01T00:00:00Z",
    toDate: "2023-11-30T23:59:59Z"
  }) {
    bytesProcessedPerSource {
      label
      value
    }
  }
}