Last updated
Was this helpful?
Last updated
Was this helpful?
The Panther API provides the following user metric operations:
Total number of bytes and events that Panther ingested and/or processed over a specific time period
Breakdown of alerts that were generated for each Severity type over a specific time period
You can invoke Panther's API by using your Console's API Playground, or the GraphQL-over-HTTP API. Learn more about these methods on .
See the sections below for GraphQL queries, mutations, and end-to-end workflow examples around core metrics operations.
totalBytesIngested
vs. totalBytesProcessed
The totalBytesIngested
and totalBytesProcessed
metrics sound similar, but differ in the following way:
totalBytesIngested
: the total number of bytes Panther has ingested over the past year (the last 365 days from the current date).
totalBytesProcessed
: the total number of bytes Panther has ingested within the specific time period defined by your query.
Below are some of the most common GraphQL metrics operations in Panther. These examples demonstrate the documents you have to send using a GraphQL client (or curl
) to make a call to Panther's GraphQL API.
Metrics Query
The breakdown
field is only useful for charts that use time as their X-axis. It produces a map of timestamps -> values as a "breakdown" of the value
field to its constituents.
Below, we build on the operations from the examples to showcase an end-to-end use case flow.
Panther API user data for measuring ingestion and alert metrics