# Metrics ## Overview The Panther API provides the following user metric operations: * Total number of bytes and events that Panther ingested and/or processed over a specific time period * Breakdown of alerts that were generated for each Severity type over a specific time period\\ You can invoke Panther's API by using your Console's API Playground, or the GraphQL-over-HTTP API. Learn more about these methods on [Panther API](/panther-developer-workflows/api.md#step-1-choose-a-method-for-invoking-the-api). See the sections below for GraphQL queries, mutations, and end-to-end workflow examples around core metrics operations. ### `totalBytesIngested` vs. `totalBytesProcessed` The `totalBytesIngested` and `totalBytesProcessed` metrics sound similar, but differ in the following way: * `totalBytesIngested`: the total number of bytes Panther has ingested over the past year (the last 365 days from the current date). * `totalBytesProcessed`: the total number of bytes Panther has ingested within the specific time period defined by your query. ## Common metrics operations Below are some of the most common GraphQL metrics operations in Panther. These examples demonstrate the documents you have to send using a GraphQL client (or `curl`) to make a call to Panther's GraphQL API. **Metrics Query** ```graphql # `GetMetrics` is a nickname for the operation. You can omit any of the # fields/info you're not interested in & only query for what you're after query GetMetrics { metrics(input: { fromDate: "2021-01-01T00:00:00Z" toDate: "2021-12-31T23:59:59Z" }) { alertsPerSeverity { label value breakdown } alertsPerRule { label value entityId } eventsProcessedPerLogType { label value breakdown } bytesProcessedPerSource { label value breakdown } latencyPerLogType { label value } bytesIngestedPerSource { label value } bytesQueriedPerSource { label value breakdown } totalAlerts totalBytesIngested totalBytesProcessed totalBytesQueried totalEventsProcessed } } ``` {% hint style="info" %} The `breakdown` field is only useful for charts that use time as their X-axis. It produces a map of timestamps -> values as a "breakdown" of the `value` field to its constituents. {% endhint %} ### End-to-end examples Below, we build on the operations from the [Common Operations](#common-metrics-operations) examples to showcase an end-to-end use case flow. #### **Fetch Panther's log metrics** {% tabs %} {% tab title="Python" %} ```python # pip install gql aiohttp from gql import gql, Client from gql.transport.aiohttp import AIOHTTPTransport transport = AIOHTTPTransport( url="YOUR_PANTHER_API_URL", headers={"X-API-Key": "YOUR_API_KEY"}, ) client = Client(transport=transport, fetch_schema_from_transport=True) get_metrics = gql( """ query GetMetrics($input: MetricsInput!) { metrics(input: $input) { totalAlerts totalEventsProcessed } } """ ) data = client.execute( get_metrics, variable_values= { "input": { "fromDate": "2022-07-01T00:00:00Z", "toDate": "2022-07-31T23:59:59Z", } } ) print(f'In July, Panther processed {data["metrics"]["totalEventsProcessed"]} events and generated {data["metrics"]["totalAlerts"]} alerts') ``` {% endtab %} {% tab title="NodeJS" %} ```javascript import { GraphQLClient, gql } from "graphql-request"; const client = new GraphQLClient( "YOUR_PANTHER_API_URL", { headers: { "X-API-Key": "YOUR_API_KEY" } } ); const getMetrics = gql` query GetMetrics($input: MetricsInput!) { metrics(input: $input) { totalAlerts totalEventsProcessed } } `; (async () => { try { const data = await client.request(getMetrics, { input: { fromDate: "2022-07-01T00:00:00Z", toDate: "2022-07-31T23:59:59Z" } }); console.log( `In July, Panther processed ${data.metrics.totalEventsProcessed} events and generated ${data.metrics.totalAlerts} alerts.` ); } catch (err) { console.error(err); } })(); ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.panther.com/panther-developer-workflows/api/graphql/metrics.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.