Skip to main content
Panther Knowledge Base

Does my log source overview in the Panther Console report raw ingested log volume or uncompressed?

  1. Last updated
  2. Save as PDF

QUESTION

When I view the log source overview page in Panther, I can see how much data has been ingested over a given time period. Are the figures reported based on the raw (compressed) data that is sent to Panther, or the data after Panther extracts it for parsing?

ANSWER

The metrics reported in the overview page are based on the data as it is received by our parsing engine. If you send compressed data to Panther, it will be decompressed first before being parsed. This can sometimes result in the overview metrics appearing up to 10 times larger than the compressed source data.

Note: When filtering your log source in Panther, those filtered logs will not count towards your processed data.

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.