Forum Discussion
Alex Kobin
Jul 25, 2018
Copper Contributor
WireData get count all the TotalBytes in 1 row.
Hi guys
Need some help with query WireData, need to get a total number of TotalBytes in 1 row.
I did something like this but the count is wrong or maybe I'm doing something wrong.
WireData
| where TotalBytes > 0
| summarize count() by Computer
And I want to get only 1 answer counted per 5 min, and not all the results that WireData gives me every 30-40 seconds (I can see it in SessionStartTime/SessionEndtime).
Thanks.
- Noa Kuperberg
Microsoft
Hey Alex,
Your solution makes sense, but will only return you the results from the last 5 minutes.
If you'd like to see that total number per 5 minutes, I'd recommend using
WireData | summarize sum(TotalBytes) by Computer, bin(TimeGenerated, 5m)
To see it as a chart, you can add '| render timechart' at the end, as shown here.
- Alex Kobin
Copper Contributor
Found a solution:
//Find total network inbound outbound total bytes in WINDOWS
WireData
| where TimeGenerated > ago(5m) // keep only records from the last 5 minutes
| summarize sum(TotalBytes) by Computer
//| project Computer , SessionStartTime , SessionEndTime , LocalIP , ReceivedBytes , SentBytes , TotalBytes
| where sum_TotalBytes > 0 // drop computers with no traffic
----------------------------------------------------------------------------------------
//Find total network inbound outbound total bytes in LINUX
Perf
| where ObjectName == "Network"
| summarize sum(CounterValue) by Computer
| where sum_CounterValue > 0 // drop computers with no traffic