Hi,
I want to sum the total volume of bytes transferred from one zone to another on my Palo Alto firewall.
This is the log source:
allow=action action_source=from-policy app=dns-base bytes=271 bytes_received=177 bytes_sent=94 category=any category_of_app=networking characteristic_of_app="used-by-malware,has-known-vulnerability,pervasive-use" device_name=PA-440 dport=53 dst=8.8.4.4 dst_category= dst_dag= dst_edl= dst_host= dst_mac= dstuser= from=Client inbound_if=ethernet1/3 is_saas_of_app=no natdport=53 natdst=8.8.4.4 natsport=6071 natsrc=81.166.116.68 ndpmatches=0 outbound_if=ethernet1/1 packets=2 pkts_received=1 pkts_sent=1 policy_id= proto=udp receive_time=2023/10/26 01:59:28 repeatcnt=1 risk_of_app=3 rule=internet-access sanctioned_state_of_app=no sport=37598 src=192.168.86.137 src_category= src_dag= src_edl= src_host= src_mac= srcloc=192.168.0.0-192.168.255.255 srcuser= start=2023/10/26 01:58:59 subcategory_of_app=infrastructure subtype=end technology_of_app=network-protocol to=INTERNET traffic_flags=0x0 type=TRAFFIC vsys=vsys1 vsys_name=
My query is like this, but the output is wrong:
sum by(job) (sum_over_time({job="syslog"} |= `` | logfmt | from = `Client` | to = `INTERNET` | unwrap bytes(bytes) [$__range]))
Any tips on how I can accomplish this?
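
An offline cross-check for a query like the one in the post, as an added example that is not part of the original post: Python that parses lines in the posted key=value layout and totals `bytes` per (`from`, `to`) zone pair, so a dashboard figure can be compared against a small exported sample. The sample lines, the `DMZ` zone and the function names are constructed for the example.

```python
import shlex
from collections import defaultdict

# Constructed sample lines in the key=value layout of the posted log
# (fields trimmed, values made up for this example).
SAMPLE_LOGS = [
    'app=dns-base bytes=271 bytes_received=177 bytes_sent=94 '
    'characteristic_of_app="used-by-malware,pervasive-use" dst_host= '
    'from=Client receive_time=2023/10/26 01:59:28 to=INTERNET type=TRAFFIC',
    'app=ssl bytes=1500 from=Client receive_time=2023/10/26 02:00:01 '
    'to=INTERNET type=TRAFFIC',
    'app=web-browsing bytes=900 from=Client to=DMZ type=TRAFFIC',
    'from=Client to=INTERNET type=SYSTEM',  # no bytes field: must be skipped
]


def parse_fields(line):
    """Split one key=value log line into a dict.

    shlex keeps quoted values together. A token without '=' (the time half
    of 'receive_time=2023/10/26 01:59:28') is appended to the previous
    key's value instead of being treated as a new key.
    """
    fields, last_key = {}, None
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
            last_key = key
        elif last_key is not None:
            fields[last_key] += " " + token
    return fields


def bytes_by_zone_pair(lines):
    """Return ({(from_zone, to_zone): total_bytes}, skipped_line_count)."""
    totals, skipped = defaultdict(int), 0
    for line in lines:
        f = parse_fields(line)
        try:
            pair, size = (f["from"], f["to"]), int(f["bytes"])
        except (KeyError, ValueError):
            skipped += 1  # missing zone/bytes field or non-numeric bytes
            continue
        totals[pair] += size
    return dict(totals), skipped


if __name__ == "__main__":
    print(bytes_by_zone_pair(SAMPLE_LOGS))
```
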