Hello,
I have logs from my firewall coming in through Loki to Grafana. I am trying to build a dashboard to monitor IPs in our internal network that are sending the most data to the public internet. The logs that I am working with include a portion that goes – sendbyte=6524 (this number could be any number). I am trying to have the query add all the sendbyte values per each unique IP and give me the top 10 IPs with the highest sum of sendbyte value. I’m having a lot of trouble building this query and ChatGPT hasn’t been helpful. Can someone help me please?
The end goal here is to have a panel in my dashboard that lists 10 IPs and the corresponding value of bytes sent from our internal network to outside.
Here is the query I currently have
topk(10, sum by(sentbyte) (
sum by(srcip) (count_over_time({job="fortinet_logs", srcintf="x4", dstintf="x3"} |= `sentbyte` [24h]))
))
Thank you