How do I query daily log collection volume by source and schema in Panther?
Last updated: March 18, 2026
QUESTION
How can I query daily log collection volume and event counts broken down by log source and schema table in Panther, to use in internal operational reports?
ANSWER
Panther does not expose metric data directly in the data lake, but depending on the format you need, you can achieve this using Panther's Metrics GraphQL API.
For example, you can run the following query in the API Playground to fetch the hourly event count and volume for each log type ingested over one day (adjust the dates as needed):

    query GetMetrics {
      metrics(input: {fromDate: "2026-01-13T00:00:00Z", toDate: "2026-01-14T00:00:00Z", intervalInMinutes: 60}) {
        bytesProcessedPerSource {
          breakdown,
          label,
          value
        }
        totalBytesProcessed,
        eventsProcessedPerLogType {
          breakdown,
          label,
          value
        }
        totalEventsProcessed
      }
    }

For additional query examples, you can check PantherFlow SOC operations examples and Data Explorer SQL examples.
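
An added example (not from the Panther documentation) of how a response to the GetMetrics query above could be rolled up into per-day report rows and checked for intervals in which a source or log type reported nothing. The response is constructed sample data, the function names are hypothetical, and the code assumes `breakdown` is a JSON object mapping each interval's start timestamp to that interval's value.

```python
import csv
import io
import json
from collections import defaultdict

# Constructed sample response (not real Panther output). Assumption: `breakdown`
# is a JSON object mapping an interval-start timestamp to that interval's value.
SAMPLE_RESPONSE = json.loads("""
{"data": {"metrics": {
  "bytesProcessedPerSource": [
    {"label": "prod-cloudtrail", "value": 3500,
     "breakdown": {"2026-01-13T00:00:00Z": 1000, "2026-01-13T01:00:00Z": 2500}},
    {"label": "okta-sso", "value": 700,
     "breakdown": {"2026-01-13T00:00:00Z": 700, "2026-01-13T01:00:00Z": 0}}],
  "totalBytesProcessed": 4200,
  "eventsProcessedPerLogType": [
    {"label": "AWS.CloudTrail", "value": 40,
     "breakdown": {"2026-01-13T00:00:00Z": 15, "2026-01-13T01:00:00Z": 25}},
    {"label": "Okta.SystemLog", "value": 9,
     "breakdown": {"2026-01-13T00:00:00Z": 9, "2026-01-13T01:00:00Z": 0}}],
  "totalEventsProcessed": 49}}}
""")

def daily_totals(series):
    """Roll each label's per-interval breakdown up to {(day, label): total}."""
    totals = defaultdict(float)
    for item in series:
        for ts, value in (item.get("breakdown") or {}).items():
            totals[(ts[:10], item["label"])] += value or 0
    return dict(totals)

def silent_intervals(series):
    """Map each label to the intervals in which it reported zero (or null)."""
    gaps = {s["label"]: sorted(ts for ts, v in (s.get("breakdown") or {}).items() if not v)
            for s in series}
    return {label: ts_list for label, ts_list in gaps.items() if ts_list}

def report_csv(response):
    """Return CSV text with one row per day, metric and label."""
    metrics = response["data"]["metrics"]
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["day", "metric", "label", "total"])
    for metric, key in (("bytes", "bytesProcessedPerSource"),
                        ("events", "eventsProcessedPerLogType")):
        for (day, label), total in sorted(daily_totals(metrics[key]).items()):
            writer.writerow([day, metric, label, int(total)])
    return out.getvalue()

if __name__ == "__main__":
    print(report_csv(SAMPLE_RESPONSE), end="")
```

An interval with no data for a source is worth surfacing in the report, since it can mean the source stopped delivering logs.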