datastream (search function)
Synopsis
Displays processed data details - volume and number of events.
Syntax
datastream
Required Arguments
None
Optional Arguments
Folder/log/server/apptag as source
Description
The datastream function returns the volume and number of events collected by the system for a given period of time. Count = number of log events, Data Volume = volume in bytes.
Examples
Example 1:
* in log.secure | datastream
 Returns the number of events and volume of the log source 'secure' for the selected time period.
Example 2:
* in log.secure | datastream | display data volume in volume format
 Returns the number of events and volume of the log source 'secure' for the selected time period, formatted.
Example 3:
* in log.secure | datastream | interval 1 hour
Returns the number of events and volume of the log source 'secure' for the selected time period in 1-hour time buckets.
Example 4:
* | datastream | group by ext.log, ext.folder, ext.server | order by data volume desc | display data volume in volume format
Returns the number of events and volume of all logs, sorted by data volume, formatted.