datastream (search function)
- Omry Koschitzky
Synopsis
Displays processed data details - volume and number of events.
Syntax
datastream
Required Arguments
None
Optional Arguments
Folder/log/server/apptag as source
Description
The datastream function returns the volume and number of events collected by the system for a given period of time. Count = number of log events, Data Volume = volume in bytes.
Examples
Example 1:
* in log.secure | datastream
Returns the number of events and volume of the log source 'secure' for the selected time period.
Example 2:
* in log.secure | datastream | display data volume in volume format
Returns the number of events and volume of the log source 'secure' for the selected time period, formatted.
Example 2:
* in log.secure | datastream | interval 1 hour
Returns the number of events and volume of the log source 'secure' for the selected time period in 1 hour time bucket.
Example 4:
* | datastream | group by ext.log, ext.folder, ext.server | order by data volume desc | display data volume in volume format
Returns the number of events and volume of of all logs. Sorted by data volume, formatted.