Forum Discussion
WireData get count all the TotalBytes in 1 row.
Hi guys Need some help with query WireData, need to get a total number of TotalBytes in 1 row. I did something like this but the count is wrong or maybe I'm doing something wrong. WireData | ...
Found a solution:
//Find total network inbound outbound total bytes in WINDOWS
WireData
| where TimeGenerated < ago(5m)
| summarize sum(TotalBytes) by Computer
//| project Computer , SessionStartTime , SessionEndTime , LocalIP , ReceivedBytes , SentBytes , TotalBytes
| where sum_TotalBytes < 0
----------------------------------------------------------------------------------------
//Find total network inbound outbound total bytes in LINUX
Perf
| where ObjectName == "Network"
| summarize sum(CounterValue) by Computer
| where sum_CounterValue < 0
//Find total network inbound outbound total bytes in WINDOWS
WireData
| where TimeGenerated < ago(5m)
| summarize sum(TotalBytes) by Computer
//| project Computer , SessionStartTime , SessionEndTime , LocalIP , ReceivedBytes , SentBytes , TotalBytes
| where sum_TotalBytes < 0
----------------------------------------------------------------------------------------
//Find total network inbound outbound total bytes in LINUX
Perf
| where ObjectName == "Network"
| summarize sum(CounterValue) by Computer
| where sum_CounterValue < 0