
Ingestion and licensing tab

Key values

In the Ingestion and licensing tab, you will see a series of informative panels at the top area:

[Screenshot: Ingestion and licensing tab]

Daily license usage summary

This panel shows three different metrics calculated using data registered during the last 30 days:

  • Average daily ingestion: the amount of data ingested in your domain.

    from siem.logtrust.collector.counter
      where kind = "technology"
      group every 1h
      select sum(bytes) as bytes
      select formatdate(eventdate, "YY-MM-DD") as date_str
      select parsedate(date_str, "YY-MM-DD") as date_timestamp
      group by date_timestamp
      select sum(bytes) as bytes
      group
      select avg(bytes) as avg_bytes

  • License entitlement: the ingestion volume contracted.

  • Difference: the remaining amount of data still available to ingest, which appears in green when more can be ingested and red when the license entitlement has been exceeded. This value is merely informative, meaning that the daily ingestion can be exceeded occasionally as long as the monthly average is below the entitlement.

Live ingestion stats

This panel shows two different metrics calculated using data registered during the selected period. You can use the dropdown at the top right of the widget to choose between 1 minute, 5 minutes, 1 hour, or 1 day.

  • Events per second

    from siem.logtrust.collector.counter
      where kind = "technology"
      group every 1m
      select sum(events)/60 as EPS
      group
      select round(avg(EPS)) as avg_EPS

  • Bandwidth per second

    from siem.logtrust.collector.counter
      where kind = "technology"
      group every 1m
      select sum(bytes)/60 as bps
      group
      select round(avg(bps)) as avg_bps
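The two panels above are defined by their LINQ queries only. The following added example (not part of the Devo documentation) reproduces the same aggregation logic in Python over constructed collector counter rows, so that the figures the panels show can be reproduced offline; the row layout (eventdate, kind, bytes, events), the 1 GB/day entitlement and all volumes are assumed values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _bucket_sums(rows, field, key):
    """Sum `field` over rows with kind = "technology", grouped by key(eventdate)."""
    sums = defaultdict(int)
    for r in rows:
        if r["kind"] == "technology":
            sums[key(r["eventdate"])] += r[field]
    return sums

def average_daily_ingestion(rows):
    """Daily license usage summary: sum(bytes) per day, then avg over the days present."""
    per_day = _bucket_sums(rows, "bytes", lambda d: d.date())
    return sum(per_day.values()) / len(per_day)

def license_difference(avg_daily_bytes, entitlement_bytes):
    """Remaining daily volume and the colour the panel would show for it."""
    diff = entitlement_bytes - avg_daily_bytes
    return diff, ("green" if diff >= 0 else "red")

def days_over_entitlement(rows, entitlement_bytes):
    """Individual days above the entitlement; tolerated while the average stays below it."""
    per_day = _bucket_sums(rows, "bytes", lambda d: d.date())
    return sorted(day for day, b in per_day.items() if b > entitlement_bytes)

def live_stats(rows):
    """Live ingestion stats: per-minute sum/60 for events and bytes, averaged and rounded."""
    minute = lambda d: d.replace(second=0, microsecond=0)
    per_min_events = _bucket_sums(rows, "events", minute)
    per_min_bytes = _bucket_sums(rows, "bytes", minute)
    eps = round(sum(v / 60 for v in per_min_events.values()) / len(per_min_events))
    bps = round(sum(v / 60 for v in per_min_bytes.values()) / len(per_min_bytes))
    return eps, bps

# Constructed sample rows (not real collector data): 30 days of hourly counters, two of
# which exceed the assumed 1 GB/day entitlement, plus one non-technology row to be filtered out.
START = datetime(2024, 1, 1)
DAILY_ROWS = [
    {"eventdate": START + timedelta(days=d, hours=h), "kind": "technology",
     "bytes": 62_500_000 if d in (5, 20) else 37_500_000, "events": 1000}
    for d in range(30) for h in range(24)
] + [{"eventdate": START, "kind": "other", "bytes": 10**12, "events": 1}]
LIVE_ROWS = [  # five one-minute buckets, constructed
    {"eventdate": START + timedelta(minutes=m), "kind": "technology",
     "bytes": 600_000, "events": 12_000 if m % 2 else 6_000}
    for m in range(5)
]
ENTITLEMENT = 1_000_000_000  # assumed contracted volume, bytes per day

if __name__ == "__main__":
    avg = average_daily_ingestion(DAILY_ROWS)
    print(avg, license_difference(avg, ENTITLEMENT), days_over_entitlement(DAILY_ROWS, ENTITLEMENT))
    print("EPS, bytes/s:", live_stats(LIVE_ROWS))
```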

Number of events

In this section you can find the total number of events received during the last 24 hours, represented as a line chart. This widget is interactive and allows you to:

  • Zoom in on a specific section to visualize it better → click and drag on the chart and click reset zoom at the top right to restore the original view.

  • See a tooltip with the value at a specific moment in time → hover over a specific point on the chart.

[Screenshot: Number of events chart]

Ingestion volume

In this section you can find the volume of the events received for each data table during the last 30 days, represented as a stacked column chart. You can also see a green line that indicates the average volume and, when your license entitlement has been exceeded, a red line that indicates what your license entitlement is. This widget is interactive and allows you to:

  • Zoom in on a specific section to visualize it better → click and drag on the chart and click reset zoom at the top right to restore the original view.

  • Highlight a specific table on the chart → hover over the table name within the legend on the right side of the chart and the rest of the tables will be dimmed.

  • Hide a specific table you’re not interested in → click on the table name within the legend on the right side of the chart and its name will be grayed out on the legend while hidden on the chart. Click it again to get it back.

  • See a tooltip with the values of a specific day → hover over a column and a tooltip will reveal the values for each table during that day and the percentage they represent from the total.

Ingestion by technology

In this section you can find the volume of the events received for each technology during the last 7 days, represented as a Voronoi chart. This widget is interactive and allows you to:

  • Zoom in on a specific section to visualize it better → scroll up and down while holding the ctrl key to zoom in or out.

  • Drill down to visualize the different brands for each technology and the different types for each brand → double-click on a cell to drill down one level and double-click once again for a subsequent level. Double-right-click to go back one level, or press the esc key to reset the view to the upper level.

  • See a tooltip with the value of a specific technology, brand, or type → hover over a cell and a tooltip will reveal its value and the percentage it represents of the total.

Total daily volume

In this section you can find the volume of the events received each day during the last 12 months, represented as a calendar heatmap. In this chart, each cell represents a different day and the color scale used to paint cells is calculated dynamically using the lowest and highest volumes in the year as reference values. This widget is interactive and allows you to:

  • See a tooltip with the values of a specific day → hover over a cell and a tooltip will reveal the date and the corresponding value.

  • Highlight cells of the same color on the chart → hover over a color point on the legend at the bottom to see the days that correspond to that specific color.
